Validating the LDAPS configuration

After completing the LDAPS TLS configuration, open a command shell on any machine with OpenSSL installed and run the following command for each Domain Controller.

openssl s_client -connect <DOMAIN-FQDN>:636 -showcerts

Where <DOMAIN-FQDN> is the Fully Qualified Domain Name of the Domain Controller. For example:

openssl s_client -connect dc1.example.com:636 -showcerts

If LDAPS is configured properly, this command will display the LDAPS certificate for the selected domain controller.
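
A scripted version of this check, as an added example that is not part of the original page: it reads the `openssl s_client` output and reports whether a certificate chain was presented and whether it verified. The function names, the CA bundle argument and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): grade s_client output read on stdin.
# Prints "<host> OK|FAIL <detail>"; returns 0 only if a chain was sent and verified.
check_ldaps_output() {
    out=$(cat)
    # -showcerts prints one PEM block per certificate the server sent.
    certs=$(printf '%s\n' "$out" | grep -c 'BEGIN CERTIFICATE' || true)
    if [ "$certs" -eq 0 ]; then
        echo "$1 FAIL no-certificate-presented"; return 1
    fi
    # Code 0 means the chain validated against the trust store in use.
    code=$(printf '%s\n' "$out" | sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ "$code" != "0" ]; then
        echo "$1 FAIL certs=$certs verify=${code:-unknown}"; return 1
    fi
    echo "$1 OK certs=$certs verify=0"
}

# Live use: check_dc <DOMAIN-FQDN> <ca-bundle.pem> (the CA bundle path is an assumed placeholder).
check_dc() {
    openssl s_client -connect "$1:636" -showcerts -CAfile "$2" </dev/null 2>/dev/null |
        check_ldaps_output "$1"
}

# Constructed, trimmed sample outputs (placeholder certificate bodies) for offline use.
sample_ok() {
cat <<'EOF'
 0 s:CN = dc1.example.com
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
 1 s:CN = Example-CA
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
    Verify return code: 0 (ok)
EOF
}
sample_untrusted() {
cat <<'EOF'
 0 s:CN = dc2.example.com
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
    Verify return code: 21 (unable to verify the first certificate)
EOF
}
sample_ok | check_ldaps_output dc1.example.com
sample_untrusted | check_ldaps_output dc2.example.com || true
```

If the issuing CA is not in the trust store OpenSSL uses, `s_client` still prints the certificate but reports a non-zero verify return code, which is why `check_dc` passes `-CAfile`.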