Microsoft has an advisory that states they will be prepping LDAP/SSL (LDAPS). https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
While Microsoft doesnt specifically list instructions to setup LDAP/SSL for Azure AD Connect, there is reference to LDAP/SSL (LDAPS) being used in article: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports
- Is there a way to verify if Azure AD Connect is already using LDAP/SSL?
- Is there a way to configure Azure AD Connect to only use LDAP/SSL?
Thank you
Stumbled across your post looking for the same information. I think it's as below but yet to test.
Under Synchronisation Service Manager > Connectors select your domain connector > Properties. Under "Connect to Active Directory Forest" you have an options button, untick "Sign & Encrypt LDAP traffic" and select "Enable SSL for the Connection".
In case somebody else is struggling... I faced the same problem and got the error message "An error was encountered trying to retrieve the SSL cipher strength" when trying to enable LDAP via SSL.
I had to change the settings under "Synchronisation Service Manager > Connectors select your domain connector > Properties". Under "Configure Directory Partitions" you have an options button next to "Configure Connection Security", untick "Sign & Encrypt LDAP traffic" and select "Enable SSL for the Connection" (+Enable CRL Checking, which should be obviously yes if you are using cert based authentication :-).
Wireshark confirmed the setting and my traffic is now encrypted via TLSv1.2 between Azure AD Connect Server and the DC.