I have been trying to enable secure ldap on a 2003R2 server over the past couple of days and have gotten nowhere.
There seems to be very little in the way of instructional articles on the web or even at Microsoft.
The knowledge base article 247078 states that
Install an Enterprise Certificate Authority on a Windows 2000 server. All Domain Controllers in the forest will automatically enroll for and install the appropriate certificate.
When you install an Enterprise Certificate Authority, all Domain Controllers automatically request a certificate and can support LDAP using SSL port 636.
I have installed certificate services on a test 2003R2 server that is a DC for the test domain and either there is more to installing certificate services and a CA or the article is wrong.
Can anybody point me in the right direction here as to the prerequisites for secure ldap operation ?