Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool queries the Exchange_DSAccessDC Microsoft Windows® Management Instrumentation (WMI) class in the ROOT\MicrosoftExchangeV2 namespace to determine the value for the LDAPPort key. If the value for the LDAPPort key is not set to 389, a non-default configuration message is displayed.
The LDAPPort key represents the TCP port number on which the domain controller listens for Lightweight Directory Access Protocol (LDAP) requests. Administrators can use LDAP over Secure Sockets Layer (SSL) on TCP port 636 (domain controller) or TCP port 3269 (global catalog) as a security measure.
By default, a global catalog server listens on port 3268 for LDAP communications. However, if an Enterprise certification authority is installed, all domain controllers automatically request a certificate and can support LDAP over SSL communications on TCP port 636. If the domain controller is also configured as a global catalog, it can also support LDAP over SSL communications on TCP port 3269.
To correct this error
-
There is no action required. The Exchange Server Analyzer is identifying a non-default configuration.
For more information about DSAccess and LDAP ports, see the following Microsoft Knowledge Base articles:
- 247078, "How to Enable Secure Sockets Layer (SSL) Communication
over LDAP for Windows 2000 Domain Controllers" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=247078)
- 246228, "XGEN: DSAccess Profiles" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=246228)