Can the Active Directory connector be set to use port 636 with TLS 1.2?

Document ID : KB000106008
Last Modified Date : 18/07/2018
Issue:
The Active Directory connector is a Windows Agentless connector with the "Is Active Directory" switch enabled. During our research, we found that the connector still uses port 389. We have a new policy to stop using port 389 and only use TLS 1.2 connections directly. Is there a way to enable this connector to use port 636 with TLS 1.2 encryption?
Resolution:
For an endpoint where 'Is Active Directory' is checked, AccountManager (running under AgentManager) uses the ADSI API to work with user accounts. It uses the ADS_SECURE_AUTHENTICATION flag, which means that Active Directory uses Kerberos authentication, not TLS.
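
To see what the ADS_SECURE_AUTHENTICATION flag means at the ADSI level, the following PowerShell sketch (an added example, not code from the product or from this article's author) binds to a domain controller's RootDSE with the .NET `AuthenticationTypes` equivalents of the ADSI flags. It goes slightly beyond the article by also showing the signing/sealing and SSL flag combinations for comparison; the function name `Test-AdsiBind` and the server name are hypothetical.

```powershell
# Added illustration; not code from the product. Run on a domain-joined Windows host.
Add-Type -AssemblyName System.DirectoryServices

function Test-AdsiBind {
    param(
        [Parameter(Mandatory)] [string] $Server,   # placeholder, e.g. dc01.example.test
        [ValidateSet('Secure', 'SecureSealed', 'SecureOverTls')]
        [string] $Mode = 'Secure'
    )

    switch ($Mode) {
        # ADS_SECURE_AUTHENTICATION only: negotiated Windows authentication on port 389
        'Secure'        { $port = 389; $names = 'Secure' }
        # Adds ADS_USE_SIGNING and ADS_USE_SEALING: session integrity and encryption, still on 389
        'SecureSealed'  { $port = 389; $names = 'Secure, Signing, Sealing' }
        # Adds ADS_USE_SSL: the channel itself is TLS on port 636
        'SecureOverTls' { $port = 636; $names = 'Secure, SecureSocketsLayer' }
    }
    $flags = [System.DirectoryServices.AuthenticationTypes] $names
    $path  = "LDAP://${Server}:$port/RootDSE"

    # Path-only constructor: bind with the caller's current Windows credentials
    $entry = New-Object System.DirectoryServices.DirectoryEntry($path)
    $entry.AuthenticationType = $flags

    $bound = $false
    $message = $null
    try {
        $null = $entry.NativeObject   # accessing NativeObject forces the actual bind
        $bound = $true
    } catch {
        $message = $_.Exception.Message
    } finally {
        $entry.Dispose()
    }

    [pscustomobject]@{
        Path          = $path
        Flags         = $flags
        FlagValue     = [int] $flags   # Secure = 1, SecureSocketsLayer = 2, Signing = 64, Sealing = 128
        BindSucceeded = $bound
        Error         = $message
    }
}

Test-AdsiBind -Server 'dc01.example.test' -Mode Secure
```

A successful `Secure` bind alongside a failing `SecureOverTls` bind usually means the domain controller has no usable LDAPS certificate or that port 636 is blocked between the two hosts.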