To support this configuration, our recommendation is to ensure that LDAPS (LDAP over SSL) is enabled on the domain controllers that Foldr uses for authentication. This is typically enabled by installing the Domain Certificate Services role on a domain controller (selecting Enterprise CA during setup), however there are other methods to enable the feature.
When LDAPS is enabled on a domain controller, Foldr must be reconfigured to connect to LDAP servers using the prefix ‘ldaps://’ to ensure they connect over SSL on port 636 rather than the default LDAP port of 389.
Using LDAPS, along with authenticating with domain controllers securely, it also unlocks the password features in Foldr (password change/expiration handling, delegated reset and self-service reset). More information on LDAPS and the password features can be found here: