Validating the LDAPS configuration

After completing the LDAPS TLS configuration, open a command shell on any machine with OpenSSL installed and run the following command for each Domain Controller.

openssl s_client -connect <DOMAIN-FQDN>:636 -showcerts

Where <DOMAIN-FQDN> is the Fully Qualified Domain Name of the Domain Controller — for example:

openssl s_client -connect dc1.example.com:636 -showcerts

If LDAPS is appropriately configured, this command will display the LDAPS certificate for the selected domain controller