setting up ldaps on active directory

Posted on 2012-09-07
Last Modified: 2012-09-11
We now need to authenticate to our university active directory.  In order to do that they require our domain controller use ldaps.  Am I required to get a certificate for this?  I've read several articles on how to do this and some say you have to order a certificate and others look like you don't.  I have no clue so thought I'd better ask for the correct process.
Question by:cindyfiller
    LVL 36

    Expert Comment

    Your questions is not quite clear.

    Is this a Domain Controller operated by the University, or a Domain Controller operated by yourself ?

    If the Domain Controller is operated by the University and they require you to use LDAPS against it, then unless the Domain Controller uses a public certificate you would need the public root certificate of the University CA on your client.

    If it is your own Domain Controller, you have three main options, which in my order of preference would be

    1/ configure your own root CA server
    2/ use a public certificate
    3/ use a self signed certificate

    You can use AD to "push" the root certificate to Domain joined Windows clients, for all other clients you would need to use another method to distribute the root certificate.

    Author Comment

    Their system needs to come in to authenticate to the active directory on my domain controller.  

    Can you provide steps for doing #1 if that is your recommendation?
    LVL 37

    Expert Comment

    by:Jamie McKillop

    You are best off using a public certificate. They are inexpensive and it isn't worth the hassle of tryng to setup your own CA.

    LVL 36

    Accepted Solution


    Author Comment

    Will these same instructions work for windows server 2008?  I noticed these are for 2003.
    LVL 36

    Expert Comment

    From the first paragraph.

     "Applies to Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2"

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Shouldn't all users have the same email signature?

    You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

    With the higher take up rate of SAN’s, virtualisation etc, windows devices with more than one network interface are becoming more common.  As a general rule when a service that is installed on a Windows operating system is running, it only listens o…
    Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
    This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
    This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now