Setting up an External Active Directory, such as an on-premises domain, requires LDAP over SSL (LDAPS), which uses an SSL certificate to secure the connection. This certificate can either be self-signed using a Certification Authority installed on your domain, or obtained from a third-party Certificate Authority. This article provides the links to the configuration instructions for each scenario.
Setting up LDAPS using a self-signed certificate
To set up a self-signed certificate, you will first need to install the Active Directory Certificate Services module on your domain to issue the certificate. The following Microsoft article provides the steps for installing the Certification Authority module:
Once the Certification Authority module has been installed, you will then need to generate a self-signed certificate and configure LDAPS. The following Microsoft article provides the instructions for configuring LDAPS with a self-signed certificate:
Setting up LDAPS using a third-party certificate
If you opt to purchase a certificate from a third-party Certificate Authority, the following Microsoft article will provide the instructions for enabling LDAPS with that certificate:
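
Whichever scenario you follow, it is worth confirming from the connecting machine that the domain controller presents a certificate the client can validate. The script below is an added example, not taken from the linked Microsoft articles: it handshakes on the standard LDAPS port 636 and reviews the certificate's names and expiry. The host name `dc01.corp.example`, the CA name and the sample certificate are constructed for illustration.

```python
import socket
import ssl
import time

LDAPS_PORT = 636  # standard LDAPS port

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "issuer": ((("commonName", "Example Internal CA"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def fetch_ldaps_cert(host, cafile=None, port=LDAPS_PORT, timeout=5.0):
    """TLS-handshake with the domain controller and return its certificate.

    cafile: PEM export of the issuing CA (internal CA case); None uses the
    system trust store (third-party CA case). Raises
    ssl.SSLCertVerificationError when the chain or host name does not verify.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def review_cert(cert, fqdn, now=None, warn_days=30):
    """Return a list of problems in a getpeercert()-style dict (empty = OK)."""
    now = time.time() if now is None else now
    problems = []
    # Exact, case-insensitive match only; wildcard names are not handled.
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if fqdn.lower() not in names:
        problems.append(f"{fqdn} not in subjectAltName DNS names {names}")
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    if expires <= now:
        problems.append(f"certificate expired on {cert['notAfter']}")
    elif expires - now < warn_days * 86400:
        problems.append(f"certificate expires within {warn_days} days")
    return problems


if __name__ == "__main__":
    # Offline run against the constructed sample; on a real network use
    # review_cert(fetch_ldaps_cert("<dc-fqdn>", cafile="<ca.pem>"), "<dc-fqdn>")
    print(review_cert(SAMPLE_CERT, "dc01.corp.example") or "no problems found")
```

A verification error raised by `fetch_ldaps_cert` when `cafile` is omitted usually means the issuing CA is not in the client's trust store, which is the expected result for a certificate issued by your own domain CA until that CA certificate is imported on the client.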