The Active Directory connector is a Windows Agentless connector with the "Is Active Directory" switch enabled. During our research, we found that the connector still uses port 389. We have a new policy to stop using port 389 and only use TLS 1.2 connections directly. Is there a why to enable this connector to use port 636 with TLS 1.2 encryption?
In regards to the endpoint where 'is Active Directory' is checked, AccountManager (running under AgentManager) uses ADSI API to work with user accounts. It uses ADS_SECURE_AUTHENTICATION flag that means Active Directory uses Kerberos authentication, not TLS.