This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 45%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENK%3C/text%3E%3C/svg%3E)
Hello,
Group Policy Management Console uses 389 port for communications and there are no credentials exposed during these operations. Still I would like GPMC establishing a secure connection with 636 port.
There is an article stating that 636 port can be used by GPMC fore secure communications.
How can I "force" Group Policy Management Console working with 636 port to establish a secure connection?
Thanks in advance!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 16%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHX%3C/text%3E%3C/svg%3E)
Hello @Nikita Krivets ,
We are checking in to see if the provided information was helpful. If the reply is helpful, we would appreciate you to accept it as answer.
Please let us know if you would like further assistance. Thanks.
Best Regards,
Hannah Xiong
Hello @Nikita Krivets ,
I am checking how the issue is going, if you still have any questions, please feel free to contact us.
Thank you so much for your time and support.
Best regards,
Hannah Xiong
Hello,
Thank you so much for posting here.
If possible, would you share with us how we configured LDAPS?
LDAPS protocol mainly used between application and the Network Directory or AD Domain Controller. There is no way to make clients prefer LDAPS because the type of connection depends on the application that is running on the client computer.
Blocking port 389 is a typical thing to do on an external firewall, but is not something you would do on a domain controller. The Active Directory Domain Service administration tools still use port 389, but they are protected by the sign and seal binding.
For more information, we could refer to:
https://learn.microsoft.com/en-us/archive/blogs/pki/implementing-ldaps-ldap-over-ssl
Thanks so much.
Best regards,
Hannah Xiong
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
HI @Nikita Krivets ,
The Group Policy Management Console, along with many othet MMC consoles use LDAP to read from and write to Active Directory.
By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using SSL/Transport Layer Security (TLS) technology.
To change this you can follow the official Microsoft documentation here:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority
----------
(If the reply was helpful please don't forget to upvote or accept as answer, thank you)
Best regards,
Leon
@Leon Laude Thank you for your response! I have configured LDAPS. I have checked with ldp.exe and ADSI that connection via 636 port works just fine. But GPMC is still working via 389 port. Any ideas?
I don't believe you can change the port of 389, but you can simply block it on the firewalls.