Setting up Active Directory (AD) for TLS to allow password changes.

Description:

Active Directory will not allow a password to be set or changed over LDAP unless the connection is encrypted.

The standard method of encrypting LDAP communication is TLS/SSL (LDAPS). To make AD TLS/SSL-capable, a certificate must be generated for the domain controller. If you have a CA (Certificate Authority), the following needs to be done:

  1. Go to Start->Programs->Administrative Tools->Domain Security Policy.
  2. Go to Security Settings->Public Key Policies->Automatic Certificate Request Settings, right-click and select New Automatic Certificate Request.
  3. Select Domain Controller from the window, then select your CA.

If you do not have a CA, the following article might be useful: http://support.microsoft.com/kb/321051
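Once the domain controller has its certificate, the check an administrator wants is that the LDAPS endpoint actually presents a trusted certificate, and that the password change is sent only over that encrypted channel. The following is an added example (not part of the original article, Python standard library only): it validates the DC's TLS certificate on port 636 and builds the LDIF that ldapmodify would send over ldaps://. The host dc.example.com, the CA bundle path and the user DN are placeholder assumptions.

```python
"""Verify a DC's LDAPS endpoint and build the LDIF for a password reset over it."""
import base64
import socket
import ssl


def encode_unicode_pwd(password: str) -> bytes:
    # AD's unicodePwd attribute expects the new password wrapped in double
    # quotes and encoded as UTF-16LE (no BOM). AD refuses this write over
    # plaintext LDAP, which is why the DC needs a TLS certificate at all.
    return f'"{password}"'.encode("utf-16-le")


def build_reset_ldif(user_dn: str, password: str) -> str:
    # In LDIF, 'unicodePwd::' (double colon) introduces a base64-encoded value.
    value = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    return (
        f"dn: {user_dn}\n"
        "changetype: modify\n"
        "replace: unicodePwd\n"
        f"unicodePwd:: {value}\n"
        "-\n"
    )


def check_ldaps(host: str, port: int = 636, cafile=None, timeout: float = 5.0) -> dict:
    # Completes a TLS handshake on the LDAPS port with chain and hostname
    # validation enabled, so a self-signed, expired or mis-named DC certificate
    # surfaces here instead of as an opaque bind failure in the client.
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return {
        "subject": dict(rdn[0] for rdn in cert["subject"]),
        "not_after": cert["notAfter"],
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
    }


if __name__ == "__main__":
    # Placeholder host and CA bundle; replace with your DC and enterprise CA cert.
    print(check_ldaps("dc.example.com", cafile="/etc/pki/tls/certs/corp-ca.pem"))
    print(build_reset_ldif("CN=Jane Doe,OU=Users,DC=example,DC=com", "ExamplePass1!"))
```

Apply the generated LDIF with `ldapmodify -H ldaps://dc.example.com -f reset.ldif`; sending the same file over `ldap://` is rejected by AD, which is the behaviour the article describes.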