Recipe 14.1 Enabling SSL/TLS
You want to enable SSL/TLS access to your domain controllers so clients can encrypt LDAP traffic to the servers.
18.104.22.168 Using a graphical user interface
After domain controllers obtain certificates, they open up ports 636 and 3289. Port 636 is for LDAP over SSL/TLS and port 3289 is used for the global catalog over SSL/TLS. See Recipe 14.2 for more information on how to query a domain controller using SSL/TLS.
14.1.4 See Also
MS KB 247078 (HOW TO: Enable Secure Socket Layer (SSL) Communication Over LDAP For Windows 2000 Domain Controllers), MS KB 281271 (Windows 2000 Certification Authority Configuration to Publish Certificates in Active Directory of Trusted Domain), and MS KB 321051 (How to Enable LDAP over SSL with a Third-Party Certification Authority)