Q: How can I easily verify LDAP over SSL connectivity to my Windows DCs?
The LDP tool, part of Remote Server Administration Tools (RSAT), can be used to verify LDAP over SSL (LDAPS) connectivity.
August 8, 2012
A: To verify that LDAP over SSL (LDAPS) connectivity is operational and configured correctly on your domain controllers (DCs), you can use the LDP tool. LDP is installed by default on a Windows Server 2008 DC. On Windows Server 2008 member servers and Windows 7 or Windows Vista machines, you must install the Remote Server Administration Tools (RSAT) to get access to LDP.
To open LDP, click Start and type ldp in the Search box. Click the LDP Connection menu option, then click Connect. In the Server field, type the Fully Qualified Domain Name (FQDN) of the DC to which you want to connect. Ensure that Port is set to 636 (this is the default LDAPS port), that the Connectionless check box is cleared, that the SSL check box is selected, and then click OK. If LDAPS is configured properly, the LDP command output should display "Host supports SSL," as Figure 1 shows.
Figure 1: The LDP tool showing correctly configured LDAPS
Next, click the Connection menu option again, select Bind, and click OK. If LDAPS is configured properly, the LDP command output should display the username and domain name that you used for authenticating with LDP to Active Directory (AD).
For troubleshooting LDAPS connectivity, I advise you to read through the Microsoft article "How to troubleshoot LDAP over SSL connection problems."
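The two LDP checks above (connect on port 636 with SSL, then bind) can also be scripted so that several DCs are tested in one pass. The following PowerShell is an added example, not part of the original answer; the function name `Test-LdapsConnectivity` and the server name `dc01.corp.example.com` are placeholders, and the identity lookup assumes the DC supports the LDAP "Who am I?" extended operation (OID 1.3.6.1.4.1.4203.1.11.3, RFC 4532).

```powershell
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapsConnectivity {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string[]]$Server,  # DC FQDNs, as typed into LDP's Server field
        [int]$Port = 636                                   # default LDAPS port
    )
    foreach ($dc in $Server) {
        $r = [pscustomobject]@{
            Server = $dc; SslOk = $false; CertSubject = $null; CertExpires = $null
            BindOk = $false; BoundAs = $null; Error = $null
        }
        $tcp = $null; $ssl = $null; $ldap = $null
        try {
            # Step 1: TLS handshake. Default validation rejects an untrusted,
            # expired, or name-mismatched certificate.
            $tcp = New-Object System.Net.Sockets.TcpClient($dc, $Port)
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
            $ssl.AuthenticateAsClient($dc)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $r.SslOk = $true
            $r.CertSubject = $cert.Subject
            $r.CertExpires = $cert.NotAfter

            # Step 2: bind over SSL with the current logon credentials.
            $id = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($dc, $Port)
            $ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
            $ldap.SessionOptions.ProtocolVersion = 3
            $ldap.SessionOptions.SecureSocketLayer = $true
            $ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
            $ldap.Bind()
            $r.BindOk = $true

            # Ask the DC which identity the bind produced ("Who am I?", assumed supported).
            $req = New-Object System.DirectoryServices.Protocols.ExtendedRequest('1.3.6.1.4.1.4203.1.11.3')
            $resp = [System.DirectoryServices.Protocols.ExtendedResponse]$ldap.SendRequest($req)
            $r.BoundAs = [System.Text.Encoding]::UTF8.GetString($resp.ResponseValue)
        } catch {
            $r.Error = $_.Exception.Message   # SslOk/BindOk show which step failed
        } finally {
            if ($ldap) { $ldap.Dispose() }
            if ($ssl)  { $ssl.Dispose() }
            if ($tcp)  { $tcp.Close() }
        }
        $r
    }
}

Test-LdapsConnectivity -Server 'dc01.corp.example.com' | Format-List   # placeholder FQDN
```

A result with `SslOk` false points at the certificate or port 636 reachability; `SslOk` true with `BindOk` false points at authentication rather than the LDAPS configuration.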