Using LDAPS for Active Directory scanning

Lansweeper supports using the LDAPS protocol for scanning and otherwise connecting to on-premises Active Directory domains. LDAPS communication is encrypted and therefore more secure than plain LDAP. In Lansweeper, you can choose per domain and per scan server which protocol you want to use for on-premises Active Directory connections, LDAP or LDAPS. You can also choose your preferred port. The LDAP(S) configuration you submit for a domain is used when connecting to that domain in the context of:

To configure LDAP(S) for an on-premises domain, browse to the Scanning\Scanning Targets menu of the web console. If you have multiple scan servers, there will be a tab for each server. By default, in the LDAP(S) section of the page, only an All Domains configuration will be present. This configuration is used for LDAP(S) connections to any domains that don't have a domain-specific configuration. You can edit this configuration if you want.

Click the Add Domain LDAP(S) Config button if you want to add a configuration for a specific domain. In the resulting popup, you can choose whether to use LDAP or LDAPS for connections to the domain, as well as the ports. 389 and 636 are the default LDAP and LDAPS ports, respectively. For an LDAPS connection to your domain to be successful, of course make sure that LDAPS is properly configured in the domain itself and that the necessary certificates are present in the correct certificate stores of your Lansweeper scan server.

For connections to your domain in the context of scanning and other operations, Lansweeper will try ports and protocols in this order until one is successful:

  1. The LDAPS port of your domain-specific configuration, if you added a domain-specific configuration and if you ticked LDAPS for the configuration
  2. The LDAP port of your domain-specific configuration, if LDAP is ticked
  3. The LDAPS port of the All Domains configuration, if LDAPS is ticked
  4. The LDAP port of the All Domains configuration, if LDAP is ticked
  5. As a final fallback, LDAP over port 389

Related Articles

Get Started Right Away

Try Lansweeper for Free