StartTLS Support In Active Directory

    Question

  • Does AD at functional level 2003 and above support StartTLS? I'm trying to force my client applications to use port 636 for TLS/SSL but it got me thinking if AD could allow StartTLS connections also.
    Monday, April 24, 2017 8:08 PM

Answers

  • I can confirm that StartTLS is supported over port 389 TCP. I have verified this on the wire and using the LDP tool
    • Edited by shocko Thursday, May 11, 2017 10:54 AM
    • Marked as answer by shocko Thursday, May 11, 2017 10:55 AM
    Thursday, May 11, 2017 10:54 AM
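    As an added illustration (not code from this thread or from Microsoft), the wire exchange the answer refers to: a client sends an LDAP ExtendedRequest carrying the StartTLS OID 1.3.6.1.4.1.1466.20037 on plain port 389, and, on a resultCode of 0, upgrades the same TCP connection to TLS. The BER encoder/decoder below is hand-rolled for this one message type; `check_starttls` assumes a reachable DC hostname and a client trust store that contains the DC's issuing CA.

```python
import socket
import ssl
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation

def ber_tlv(tag: int, value: bytes) -> bytes:
    assert len(value) < 0x80  # short-form length; everything built here is tiny
    return bytes([tag, len(value)]) + value

def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }."""
    assert 0 < message_id < 0x80  # single-byte INTEGER keeps the encoding simple
    name = ber_tlv(0x80, STARTTLS_OID.encode("ascii"))
    return ber_tlv(0x30, ber_tlv(0x02, bytes([message_id])) + ber_tlv(0x77, name))

def parse_ber(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV at pos; handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_extended_response(msg: bytes) -> dict:
    """Decode an LDAPMessage carrying an ExtendedResponse ([APPLICATION 24])."""
    _, body, _ = parse_ber(msg)
    _, mid, pos = parse_ber(body)
    tag, resp, _ = parse_ber(body, pos)
    assert tag == 0x78, "not an ExtendedResponse"
    _, code, pos = parse_ber(resp)       # resultCode ENUMERATED (0 = success)
    _, _, pos = parse_ber(resp, pos)     # matchedDN (unused here)
    _, diag, pos = parse_ber(resp, pos)  # diagnosticMessage
    name = None
    if pos < len(resp) and resp[pos] == 0x8A:  # optional responseName [10]
        name = parse_ber(resp, pos)[1].decode("ascii")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": int.from_bytes(code, "big"),
            "diagnostic": diag.decode("utf-8", "replace"), "response_name": name}

def check_starttls(host: str, port: int = 389, timeout: float = 5.0) -> bool:
    """Send StartTLS on plain port 389 and upgrade the socket; True if the DC accepts."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        if parse_extended_response(sock.recv(4096))["result_code"] != 0:
            return False  # e.g. the DC has no usable server certificate
        ctx = ssl.create_default_context()  # verifies the DC certificate chain and hostname
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version() is not None

# Constructed sample success response (resultCode 0, OID echoed in responseName).
SAMPLE_RESPONSE = ber_tlv(0x30, ber_tlv(0x02, b"\x01") + ber_tlv(
    0x78, b"\x0a\x01\x00\x04\x00\x04\x00" + ber_tlv(0x8A, STARTTLS_OID.encode("ascii"))))
```

    A non-zero resultCode (or a failed TLS handshake after a successful response) is what you will see when the DC has no certificate it can use for LDAPS/StartTLS, so the check doubles as a monitoring probe for certificate expiry on domain controllers.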

All replies

  • Hi,
    StartTLS seems to be a third party certificate, as far as I know, we could enable LDAP over SSL with a third-party certification authority
    https://support.microsoft.com/en-us/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority
    and referring to the following thread, AD could allow StartTLS: https://social.technet.microsoft.com/Forums/windowsserver/en-US/86a91af3-8586-4ea6-ba2c-8ace5769cd6e/how-to-configure-and-use-starttls-on-windows-ad-server-2008-r2-or-2012-?forum=winserverDS
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 28, 2017 8:55 AM
    Moderator