How To Enable Secure Socket Layer (SSL) Communication Over LDAP For Windows 2000 Domain Controllers

ID: Q247078


The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server


SUMMARY

During the configuration of security settings for the Active Directory in Windows 2000, administrators may want to implement additional security measures for accessing the Active Directory. Windows 2000 provides Secure Sockets Layer (SSL) security over Lightweight Directory Access Protocol (LDAP). After the certificate is installed, the Domain Controllers can accept LDAP connections on both port 389 (LDAP) and port 636 (LDAP over SSL).


MORE INFORMATION

To enable SSL, follow these steps:

  1. Install an Enterprise Certificate Authority on a Windows 2000 Domain Controller. This automatically installs a certificate on a server.
  2. Open the Default Domain Controller Policy using the Group Policy Editor.
  3. Under Computer Configuration, click Windows Settings.
  4. Click Security Settings, and then click Public Key Policies.
  5. Click Automatic Certificate Request Settings.
  6. Use the wizard to add a policy for Domain Controllers.


When you complete these steps, all Domain Controllers automatically request a certificate and can accept LDAP over SSL on port 636.
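To confirm the result of these steps from a client, here is an added example in Python; it is not part of this article and not a Microsoft tool. It connects to the Domain Controller's port 636, verifies the server certificate against a PEM export of the Enterprise CA root certificate (an assumed input), checks that the certificate names the DC and is inside its validity window, and then sends an anonymous LDAP bind so that the reply proves LDAP itself is being served over the SSL connection. The host name, CA file path and the sample certificate dictionary are constructed for illustration.

```python
"""Check that a Domain Controller answers LDAP over SSL on port 636.

Added example; not part of KB Q247078 or of any Microsoft tool.
Assumed inputs: the DC's fully qualified DNS name and a PEM file that
holds the Enterprise CA's root certificate (exported from the CA).
"""
import socket
import ssl
import sys
import time
from typing import List, Optional

LDAPS_PORT = 636  # SSL port named in the article; 389 is plain LDAP

# Anonymous simple BindRequest, hand-encoded in BER (LDAPv3, RFC 4511):
#   LDAPMessage { messageID 1, BindRequest { version 3, name "", simple "" } }
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")

# Constructed sample in the layout ssl.SSLSocket.getpeercert() returns,
# for offline use of evaluate_cert(); not a real DC certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc1.corp.example"),),),
    "subjectAltName": (("DNS", "dc1.corp.example"),),
    "notBefore": "Jan  1 00:00:00 2020 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def _read_tlv(data: bytes, pos: int):
    """Decode one BER tag-length-value; returns (tag, value, next_pos)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def parse_bind_result(reply: bytes) -> int:
    """Return the resultCode of a BindResponse; raises if the bytes are not one."""
    tag, msg, _ = _read_tlv(reply, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, _msg_id, pos = _read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:  # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    tag, code, _ = _read_tlv(op, 0)
    if tag != 0x0A:  # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")


def _name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS name match; a leading '*.' covers exactly one label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return hostname.count(".") == pattern.count(".") and hostname.endswith(pattern[1:])
    return pattern == hostname


def evaluate_cert(cert: dict, hostname: str, now: Optional[float] = None) -> List[str]:
    """Findings for a getpeercert()-style dict: name mismatch and validity window."""
    findings: List[str] = []
    now = time.time() if now is None else now
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    # subjectAltName entries win when present; the CN is only a fallback
    if not any(_name_matches(n, hostname) for n in (sans or cns)):
        findings.append(f"certificate name {sans or cns} does not match {hostname}")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        findings.append("certificate is not yet valid")
    elif now > not_after:
        findings.append("certificate has expired")
    elif not_after - now < 30 * 86400:
        findings.append("certificate expires within 30 days")
    return findings


def probe_ldaps(host: str, cafile: str, port: int = LDAPS_PORT, timeout: float = 5.0) -> dict:
    """TLS-connect to host:port, verify the chain against cafile, then send an
    anonymous bind to confirm the listener speaks LDAP and not merely TLS."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            tls.sendall(BIND_REQUEST)
            reply = tls.recv(4096)  # a BindResponse is a few dozen bytes
    return {"findings": evaluate_cert(cert, host), "bind_result": parse_bind_result(reply)}


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} <dc-fqdn> <enterprise-ca-root.pem>")
    result = probe_ldaps(sys.argv[1], sys.argv[2])
    print(f"LDAP over SSL on {sys.argv[1]}:{LDAPS_PORT}: bind resultCode {result['bind_result']}")
    for finding in result["findings"]:
        print("WARNING:", finding)
```

Run it as `python ldaps_check.py dc1.corp.example enterprise-root.pem` (both arguments are placeholders). A bind result of 0 means the anonymous bind succeeded; a non-zero result code still shows that the port 636 listener is speaking LDAP. Recent Python releases refuse by default to negotiate anything older than TLS 1.2, so against a Windows 2000-era Domain Controller the handshake would fail unless `ctx.minimum_version` were lowered; the script leaves the safer default in place.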

For additional information about how to configure clients, click the article number below to view the article in the Microsoft Knowledge Base:
Q238007 How to Configure Address Book to Query Users in Active Directory

Keywords : kbenv kbtool ntsecurity
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbhowto


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved.