Hi,

Please help me to know if we can disable the protocols SSL 2.0, 3.0 and TLS 1.0 safely in Domain Controllers (Windows Server 2012 R2 STD 64bit operating systems).

Thanks & Regards
Sitaram
The link does mention ADFS but the steps to disable are the same. An OOB Active Directory does not require SSL/TLS.
--please don't forget to Accept as answer if the reply is helpful--
Hello @Sitaram Nayak ,
Thank you for posting here.
Before disabling SSL 2.0, SSL 3.0 and TLS 1.0 protocols in Domain Controllers, we had better ensure all machines and apps in your AD domain do not use SSL 2.0, SSL 3.0 and TLS 1.0 protocols and all machines and apps use TLS 1.1 or TLS 1.2.
So we can enable TLS 1.1 or TLS 1.2 and disable SSL 2.0, SSL 3.0 and TLS 1.0 protocols via GPO registry on all machines. In this way, Windows machines and Microsoft Apps should/will use TLS 1.1 or TLS 1.2.
However, if there are third-party apps/machines with non-Windows operating systems or old Apps (Windows or non-Windows) in your AD environment, you may consider if they support TLS 1.1 or TLS 1.2 (in other words, they may only support SSL 2.0, SSL 3.0 or TLS 1.0) before disabling SSL 2.0, SSL 3.0 and TLS 1.0 protocols.
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
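As an added example that is not part of any reply in this thread: the PowerShell below reports the current Schannel protocol settings on one machine and can write the values the reply above describes. The function names and the `$Desired` table are assumptions made for this example; the registry location is the standard Schannel `Protocols` key.

```powershell
# Added example (not from the thread). Function names and $Desired are hypothetical.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$Desired = [ordered]@{          # $true = protocol enabled, $false = disabled
    'SSL 2.0' = $false; 'SSL 3.0' = $false; 'TLS 1.0' = $false
    'TLS 1.1' = $true;  'TLS 1.2' = $true
}

function Get-SchannelProtocolState {
    foreach ($proto in $Desired.Keys) {
        foreach ($role in 'Server', 'Client') {
            $key = Join-Path $Base "$proto\$role"
            $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $proto
                Role              = $role
                # A missing value means the OS default applies, not "disabled".
                Enabled           = if ($null -ne $v.Enabled) { $v.Enabled } else { 'OS default' }
                DisabledByDefault = if ($null -ne $v.DisabledByDefault) { $v.DisabledByDefault } else { 'OS default' }
                # True only when the value is set explicitly and agrees with $Desired.
                MatchesDesired    = ($null -ne $v.Enabled) -and ([bool]$v.Enabled -eq $Desired[$proto])
            }
        }
    }
}

function Set-SchannelProtocolState {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($proto in $Desired.Keys) {
        foreach ($role in 'Server', 'Client') {
            $key = Join-Path $Base "$proto\$role"
            $on  = $Desired[$proto]
            if ($PSCmdlet.ShouldProcess($key, "Enabled=$([int]$on)")) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value ([int]$on) -Force | Out-Null
                New-ItemProperty -Path $key -Name DisabledByDefault -PropertyType DWord -Value ([int](-not $on)) -Force | Out-Null
            }
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize   # audit only, changes nothing
# Set-SchannelProtocolState -WhatIf                   # preview the writes before applying
```

Schannel reads these values at startup, so a restart is needed before a changed setting takes effect. For a whole domain the same values would be delivered through the GPO registry setting the reply mentions rather than per machine.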
You can follow along here.
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs
--please don't forget to Accept as answer if the reply is helpful--