Checking Domain Controllers for Secure LDAP connections with PowerShell

imageI wanted to blog this quick bit of PowerShell as I could not find it anywhere else on the web whilst searching.

I needed to check the connected domain on a machine to see if SSL was configured and enabled for LDAP, the following script checks to see if SSL is enabled on one of the domain controllers in the current domain and then tries to make a connection to see if it works.

This can of course be altered to list and check all domain controllers easy enough:

$dc = [System.DirectoryServices.ActiveDirectory.Domain]::getCurrentDomain().DomainControllers | Select -First 1
$LDAPS = [ADSI]"LDAP://$($"
try {
	$Connection = [adsi]($LDAPS)
} Catch {
If ($Connection.Path) {
	Write-Host "Active Directory server correctly configured for SSL, test connection to $($LDAPS.Path) completed."
} Else {
	Write-Host "Active Directory server not configured for SSL, test connection to LDAP://$($ did not work."

7 thoughts on “Checking Domain Controllers for Secure LDAP connections with PowerShell”

  1. Thanks a heap for posting this, nice quick & easy script. I also made a very slight modification to test all the DCs in the domain, helped a lot for telling the Linux guys that LDAPS works fine!

  2. This is a very useful task to perform before installing VMware’s SSO, as we recently had a problem in “locating” Identity Sources. This started a case with VMware, however, we identified an LDAPS problem due to Certificate expiration on a DC which had problems communicating with the PKI. So this test would have saved us a lot of time.

Leave a Reply