There isn't really a way to do it without attempting to connect. Also, remember that SSL has to be negotiated between the client and server. The server may be perfectly capable of doing SSL, but if the client doesn't trust the server's certificate or attempts to contact the server with a name that does not match the name of the server in the certificate, the client may choose to reject the attempt to connect via SSL, whereas another client might not have the same objections.

You have to try it.

Also, the DC doesn't publish anything that you can query, say via RootDSE, to state whether it supports LDAPS or not (at least nothing that I've every heard of...).

Joe K.

----- Original Message ----- From: "David Loder" <[EMAIL PROTECTED]>
To: <>
Sent: Thursday, October 05, 2006 2:56 PM
Subject: [ActiveDir] Discovering LDAPS availability

Other than directly testing the 636 port on each DC,
can anyone suggest a method for an unprivledged client
to discover whether or not LDAPS should be available
on a specific DC?

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
List info   :
List FAQ    :
List archive:

List info   :
List FAQ    :
List archive:

Reply via email to