Checking Domain Controllers for Secure LDAP connections with PowerShell

imageI wanted to blog this quick bit of PowerShell as I could not find it anywhere else on the web whilst searching.

I needed to check the connected domain on a machine to see if SSL was configured and enabled for LDAP, the following script checks to see if SSL is enabled on one of the domain controllers in the current domain and then tries to make a connection to see if it works.

This can of course be altered to list and check all domain controllers easy enough:

$dc = [System.DirectoryServices.ActiveDirectory.Domain]::getCurrentDomain().DomainControllers | Select -First 1
$LDAPS = [ADSI]"LDAP://$($"
try {
	$Connection = [adsi]($LDAPS)
} Catch {
If ($Connection.Path) {
	Write-Host "Active Directory server correctly configured for SSL, test connection to $($LDAPS.Path) completed."
} Else {
	Write-Host "Active Directory server not configured for SSL, test connection to LDAP://$($ did not work."


Alan Renouf has a role of Automation Frameworks Product Manager at VMware responsible for providing the architects and operators of the cloud infrastructure with the toolkits/frameworks and command-line interfaces they require to build a fully automated software-defined datacenter. Alan is a frequent blogger at and has a personal blog at You can follow Alan on twitter as @alanrenouf.

You may also like...

7 Responses

  1. Dayle says:

    Thanks a heap for posting this, nice quick & easy script. I also made a very slight modification to test all the DCs in the domain, helped a lot for telling the Linux guys that LDAPS works fine!

  2. JimP says:

    This is a very useful task to perform before installing VMware’s SSO, as we recently had a problem in “locating” Identity Sources. This started a case with VMware, however, we identified an LDAPS problem due to Certificate expiration on a DC which had problems communicating with the PKI. So this test would have saved us a lot of time.

  3. Scott says:

    Thanks Alan. Certainly a quick check of this in all environments is a great idea.

  1. January 20, 2013

    […] Alan Renouf делится коротким скриптом по проверке включенности SSL LDAP на контроллера…. […]

Leave a Reply

%d bloggers like this: