Can Active Directory connector be set to use port 636 with TLS1.2

Article ID: 106008

Updated On:

Products

CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)

Issue/Introduction

The Active Directory connector is a Windows Agentless connector with the "Is Active Directory" switch enabled. During our research, we found that the connector still uses port 389. We have a new policy to stop using port 389 and only use TLS 1.2 connections directly. Is there a way to enable this connector to use port 636 with TLS 1.2 encryption?

Environment

Release:
Component: SEOSWG

Resolution

For an endpoint with 'Is Active Directory' checked, AccountManager (running under AgentManager) uses the ADSI API to manage user accounts and binds with the ADS_SECURE_AUTHENTICATION flag. That flag selects secure authentication, which against Active Directory means Kerberos (with NTLM as the documented fallback); it does not select TLS. The connector therefore performs a standard LDAP bind on port 389 authenticated with Kerberos, not an LDAPS connection on port 636 (which in ADSI would require the ADS_USE_SSL flag). This is why the connector is observed on port 389 even though the traffic is authenticated.
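The following PowerShell is an added illustration and is not part of the CA/Broadcom article or the PIM/PAM product code. It shows the two ADSI bind modes the resolution distinguishes (AuthenticationTypes.Secure, the .NET name for ADS_SECURE_AUTHENTICATION, versus AuthenticationTypes.SecureSocketsLayer, the .NET name for ADS_USE_SSL) and then reproduces the check described in the question, listing which LDAP ports a running process has open. The domain controller name and the process name are assumptions; replace them with your own values.

```powershell
# Added example, not from the article. Demonstrates ADS_SECURE_AUTHENTICATION vs ADS_USE_SSL
# binds with System.DirectoryServices, then checks which LDAP port a process actually uses.
Add-Type -AssemblyName System.DirectoryServices

$dc = 'dc01.example.com'   # ASSUMED domain controller name; replace with yours

# 1) What the connector does: AuthenticationTypes.Secure == ADS_SECURE_AUTHENTICATION.
#    This binds over plain LDAP (389) and authenticates with Kerberos/Negotiate. No TLS.
$secure = [System.DirectoryServices.DirectoryEntry]::new(
    "LDAP://$dc/RootDSE", $null, $null,
    [System.DirectoryServices.AuthenticationTypes]::Secure)
$secure.RefreshCache()
"Secure (Kerberos, port 389) bind OK; DC reports dnsHostName = " +
    $secure.Properties['dnsHostName'].Value

# 2) What the question asks for: AuthenticationTypes.SecureSocketsLayer == ADS_USE_SSL,
#    an LDAPS bind on 636. The TLS version is negotiated by Schannel (TLS 1.2 when both
#    the client and the DC allow it). This fails if the DC has no usable LDAPS certificate.
$ssl = [System.DirectoryServices.DirectoryEntry]::new(
    "LDAP://$($dc):636/RootDSE", $null, $null,
    [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer -bor
    [System.DirectoryServices.AuthenticationTypes]::Secure)
try {
    $ssl.RefreshCache()
    "LDAPS (port 636) bind OK"
} catch {
    "LDAPS (port 636) bind failed: $($_.Exception.Message)"
}

# 3) Empirical check of a running process: which directory ports does it really talk to?
#    389/3268 = LDAP and Global Catalog in clear (Kerberos-authenticated);
#    636/3269 = LDAPS and Global Catalog over TLS.
$procName = 'AgentManager'   # ASSUMED image name of the agent process; adjust as needed
$ownerPids = (Get-Process -Name $procName -ErrorAction SilentlyContinue).Id
if ($ownerPids) {
    Get-NetTCPConnection -OwningProcess $ownerPids -State Established |
        Where-Object { $_.RemotePort -in 389, 636, 3268, 3269 } |
        Select-Object OwningProcess, RemoteAddress, RemotePort
} else {
    "No running process named '$procName' found"
}
```

Run this on the host where the connector's AgentManager runs. If step 3 shows only remote port 389 (or 3268) while the connector is active, the observation in the question is confirmed: the bind is Kerberos-authenticated but not TLS-protected. Step 2 succeeding only tells you the domain controller is reachable over LDAPS; it does not change what the connector itself does.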