This article describes how to configure the Windows 2000 address book to search Active Directory by using SSL or port 636. You can use this type of search to test the connectivity and search capabilities against the Active Directory by using SSL.
Configuring the Address Book
You can verify that your server authentication certificate is working properly by testing if you can establish a 128-bit SSL connection between your server and a Windows 2000-based domain controller. Note that this only works if a certificate has also been issued to the domain controller from the same certificate authority (CA) that issued the certificate for your server. To verify that your server authentication certificate is working properly:
- After you install the required certificates, on the server, click Start, point to Search, and then click For People.
- In the Look in box, click Active Directory.
- Right-click Active Directory, and then click Properties.
- In the Active Directory Properties dialog box, type the fully qualified domain name of the domain controller to which you want to connect in the Search Name box, for example, domain controller name.domain name.com.
- If you are logged on with a domain account that has permissions to search the Active Directory, you can skip this step. Otherwise, provide administrator-level credentials for this domain controller in the Account and Password boxes. For example:
  Account: domain name\user name
  Password: password
  NOTE: domain name is the name of your domain where the account exists, and user name is the account that you are using to log on. The password must be the password for the account that you are using.
- After you have specified the domain controller and the appropriate credentials, click the Advanced tab, and then specify SSL connectivity for LDAP (the port must be set to 636).
- Select a search base that is appropriate to your Active Directory structure, for example CN=Users,DC=domain,DC=com.
- Click OK to close the Active Directory Properties dialog box.
Searching for People Against Active Directory
- In the Find People dialog box, click Active Directory in the Look in box.
- Click the Advanced tab.
- In the define criteria section, select the following criteria for the search: NAME Contains Administrator
- Click Add, and then click Find Now.
If your server can establish a 128-bit SSL connection to the domain controller, you see the results of your search in the Results pane of the Find People dialog box. If you cannot establish a 128-bit SSL connection to the domain controller, you may receive the following error message, or one that is similar to this error message:
There are no entries in the directory service that match your search criteria.
This message may have several causes, so other possible causes should be ruled out. Verify that all server name and credential information is correct. To help rule out other error causes, configure the port setting on the Advanced tab under Active Directory properties (that was previously described) to be the default LDAP port (389), and then repeat the test. If the test still does not work, you may have a name resolution problem, or other connectivity problem.
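
The same test can be scripted. The following PowerShell is an added example, not part of the original article: it runs the "NAME Contains Administrator" search over SSL on port 636, reports the negotiated cipher strength, and repeats the search on port 389 if the SSL attempt fails. It assumes the .NET System.DirectoryServices.Protocols assembly is available; the server name, search base, and the function name Test-LdapSearch are placeholders chosen for this example.

```powershell
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapSearch {
    param(
        [string]$Server,       # fully qualified domain name of the domain controller
        [int]$Port,            # 636 = LDAP over SSL, 389 = default LDAP port
        [string]$SearchBase,
        [System.Management.Automation.PSCredential]$Credential  # omit to use the logged-on account
    )
    $useSsl = ($Port -eq 636)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $useSsl
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    if ($Credential) { $conn.Credential = $Credential.GetNetworkCredential() }
    try {
        $conn.Bind()
        # Equivalent of the "NAME Contains Administrator" criterion
        $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $SearchBase, '(name=*Administrator*)',
            [System.DirectoryServices.Protocols.SearchScope]::Subtree, [string[]]@('name'))
        $resp = $conn.SendRequest($req)
        # Cipher strength is only meaningful on the SSL connection
        $bits = if ($useSsl) { $conn.SessionOptions.SslInformation.CipherStrength } else { 0 }
        [pscustomobject]@{ Port = $Port; Ok = $true; Entries = $resp.Entries.Count
                           CipherBits = $bits; Error = $null }
    } catch {
        [pscustomobject]@{ Port = $Port; Ok = $false; Entries = 0
                           CipherBits = 0; Error = $_.Exception.Message }
    } finally { $conn.Dispose() }
}

$server = 'dc01.example.com'             # placeholder: your domain controller
$base   = 'CN=Users,DC=example,DC=com'   # placeholder: your search base

# Rule out name resolution before blaming SSL
try { [void][System.Net.Dns]::GetHostAddresses($server) }
catch { "Name resolution failed for ${server}: $($_.Exception.Message)"; return }

$ssl = Test-LdapSearch -Server $server -Port 636 -SearchBase $base
if ($ssl.Ok) {
    "Port 636 search returned $($ssl.Entries) entries over a $($ssl.CipherBits)-bit cipher."
} else {
    $plain = Test-LdapSearch -Server $server -Port 389 -SearchBase $base
    if ($plain.Ok) { "Port 389 works but 636 fails; check the certificates. $($ssl.Error)" }
    else { "Both ports fail; check server name, credentials, and connectivity. $($plain.Error)" }
}
```

Pass `-Credential (Get-Credential)` to Test-LdapSearch when the logged-on account does not have permission to search the directory.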