This is the first in a 2018 series on how to enable secure LDAP (Lightweight Directory Access Protocol) communications between Moodle and Windows 2008/2012 domain controllers.
Enabling LDAP on Windows-Based Domain Controllers
Basically, there are two methods of enabling LDAPS on a DC:
The first method is to install an Enterprise Root CA on a domain controller: install the AD CS role on a DC and specify the setup type as “Enterprise”.
The second method is to add a digital certificate on each DC.
Import the certificate into the AD DS personal store, then import the certificate into the Moodle server with the openssl command.
If you can browse data, you are done.
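One way to check the result from the Moodle server before touching the Moodle settings, as an added example that is not part of the original post. It assumes the openssl CLI is installed; the host name `dc01.example.test` and the file names are placeholders, and the Server Authentication and host-name checks go beyond the steps above.

```shell
#!/usr/bin/env bash
# Added example: inspect the certificate a DC presents on LDAPS (TCP 636).
# Host names and file paths below are placeholders, not values from the post.

# Save the leaf certificate presented on the LDAPS port as PEM.
# usage: fetch_ldaps_cert <dc_fqdn> <out.pem>
fetch_ldaps_cert() {
    openssl s_client -connect "$1:636" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$2"
}

# Succeed only if the certificate chains to the CA file the Moodle server trusts.
# usage: cert_chains_to_ca <ca.pem> <cert.pem>
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeed only if the certificate carries the Server Authentication EKU
# (1.3.6.1.5.5.7.3.1), which a DC certificate needs for LDAPS.
# usage: cert_has_server_auth <cert.pem>
cert_has_server_auth() {
    openssl x509 -in "$1" -noout -text | grep -q "TLS Web Server Authentication"
}

# Succeed only if the certificate is valid for the host name Moodle connects to.
# usage: cert_matches_host <cert.pem> <dc_fqdn>
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# Typical sequence on the Moodle server (placeholder values):
#   fetch_ldaps_cert dc01.example.test /tmp/dc01.pem
#   cert_chains_to_ca /path/to/ca.pem /tmp/dc01.pem  || echo "untrusted chain"
#   cert_has_server_auth /tmp/dc01.pem               || echo "missing server auth EKU"
#   cert_matches_host /tmp/dc01.pem dc01.example.test || echo "name mismatch"
```

If any check fails, fix the certificate or the trusted CA file rather than relaxing certificate verification on the Moodle side.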
Moodle LDAPS settings
Use TLS: Yes
User Type: MS ActiveDirectory
Search subcontexts: Yes