How do you enable LDAPS on a Domain Controller?

Emsada can synchronise Active Directory accounts with contacts in the Emsada console. This can be used to sync with your customers' or departments' Active Directory servers.

LDAPS (LDAP over TLS, on TCP port 636) protects the synchronisation traffic, but it has some requirements. The first is that a valid certificate, issued for the host name the connection will use and accompanied by its private key, is imported into the Active Directory Domain Services (NTDS) certificate store on the domain controller. To import your certificate, follow the steps below:

Order a certificate

  1. Order a certificate for your server from a publicly trusted certificate authority. The certificate's subject (or subject alternative name) must match the host name the Emsada console will connect to, e.g. ldaps.your-domain.com, where your-domain is your external domain name.
  2. Add a DNS A record for ldaps.your-domain.com pointing to the external IP address through which the Active Directory server is reached (the address your firewall forwards to it). Many certificate authorities validate domain ownership via DNS, so this record may need to exist before the certificate is issued.
  3. Now import the certificate by following the steps below.

Import the certificate

  1. On the Active Directory server, open the Microsoft Management Console by typing mmc in the Run dialog and pressing Enter
  2. Click File –> Add / Remove Snap-in…
  3. Select Certificates –> Add
  4. Select Service Account –> Next –> Select Local Computer –> Next
  5. Select Active Directory Domain Services –> Finish –> OK
  6. Expand Certificates and select NTDS\Personal
  7. Right-click NTDS\Personal and select All Tasks –> Import… –> Next
  8. Browse to your certificate file (a .pfx file that contains the private key) –> Next
  9. Enter the password if you selected a .pfx file. Tick Mark this key as exportable only if you need to back up or move the private key later: an exportable key can also be exported by anyone with administrative rights on the domain controller, so leave it unticked otherwise.
  10. Click Next –> Next –> Finish. The domain controller should start using the new certificate without a reboot; if LDAPS does not answer on port 636 after a few minutes, restart the server.

Configure your firewall to allow LDAPS

  1. Allow only the Emsada IP address ranges (these will be supplied to you) in on TCP port 636, forwarded to the Active Directory server. IMPORTANT: do not allow unrestricted access to this port. An LDAPS port open to the whole internet lets anyone attempt to bind to your directory, so the source-address restriction is part of the security of this setup.
  2. Add the connection details to your Emsada console on the Customer page under the AD Synchronisation tab
  3. Allow at least 10 minutes for the synchronisation to occur
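Before waiting for the synchronisation, it is worth confirming from outside the network that the three pieces above actually fit together: the firewall forwards port 636, the domain controller presents the imported certificate for the name in the DNS record, and an LDAP bind succeeds over TLS. The PowerShell script below is an added example, not part of the Emsada article or product; it assumes Windows PowerShell 5.1 or later, that ldaps.your-domain.com and port 636 are placeholders for your own values, and that it is run from a host inside the allowed source IP range (a host outside that range should see the TCP test fail, which is the expected result of step 1).

```powershell
# Added example: end-to-end LDAPS check for the setup described above.
# Assumptions: $LdapsHost is the name from the DNS A record; $Port is 636;
# the script runs from an IP the firewall rule permits.
param(
    [string]$LdapsHost = 'ldaps.your-domain.com',   # assumption: replace with your host name
    [int]$Port = 636
)

# 1. Firewall / port-forward check: is TCP 636 reachable from here at all?
$tcp = Test-NetConnection -ComputerName $LdapsHost -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    throw "TCP $Port to $LdapsHost is closed or filtered; check the firewall rule and port forward."
}

# 2. TLS handshake: capture the certificate the DC presents and the chain result.
#    The callback records validation errors instead of hiding them; we fail below
#    if any were reported, so this is not a "trust anything" check.
$script:chainErrors = $null
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    $script:chainErrors = $errors
    return $true
}
$client = New-Object System.Net.Sockets.TcpClient($LdapsHost, $Port)
$ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
try {
    $ssl.AuthenticateAsClient($LdapsHost)   # the host name is what the certificate must match
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    $ssl.Dispose()
    $client.Close()
}

$sanExt = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
"Subject : $($cert.Subject)"
"Issuer  : $($cert.Issuer)"
"Expires : $($cert.NotAfter)"
"SANs    : $(if ($sanExt) { $sanExt.Format($false) } else { '(none)' })"
"Chain   : $script:chainErrors"

if ($script:chainErrors -ne [System.Net.Security.SslPolicyErrors]::None) {
    throw "Certificate failed validation ($script:chainErrors): wrong name, untrusted issuer or expired."
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires within 30 days; renew it before the synchronisation breaks."
}

# 3. LDAP bind over SSL: proves the directory service, not just a TLS listener,
#    is answering on the secured channel. An anonymous bind is enough to prove
#    the channel; the Emsada console will bind with the credentials you configure.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($LdapsHost, $Port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
try {
    $conn.Bind()
    "LDAPS bind to ${LdapsHost}:$Port succeeded; the AD Synchronisation details can now be entered."
}
finally {
    $conn.Dispose()
}
```

Run it as a script (e.g. .\Test-Ldaps.ps1 -LdapsHost ldaps.your-domain.com). A failure at step 1 points at the firewall or port forward; a chain error at step 2 usually means the certificate was imported into the wrong store, was issued for a different name, or is missing its private key; a failure at step 3 with a good TLS handshake means the domain controller is not yet using the new certificate, which is the case where a restart helps.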