Thank you so much for posting here.
If possible, would you share with us how we configured LDAPS?
The LDAPS protocol is mainly used between the application and the Network Directory or AD Domain Controller. There is no way to make clients prefer LDAPS because the type of connection depends on the application that is running on the client computer.
Blocking port 389 is a typical thing to do on an external firewall, but is not something you would do on a domain controller. The Active Directory Domain Service administration tools still use port 389, but they are protected by the sign and seal binding.
For more information, we could refer to:
Thanks so much.