While this article is well-written, it doesn't appear to achieve the goal of enabling LDAPS in Windows Server. The first issue is that the article ignores servers which happen to be Domain Controllers, which is *probably* the majority of servers that users need to enable for LDAP and LDAPS.
On Windows Servers that are DCs, it is not necessary to add the Active Directory Lightweight Directory Services role, which is the first half of the article. That's because DCs - at least those that are designated Global Catalogs - already respond to LDAP queries. Adding Active Directory Lightweight Directory Services just duplicates the functionality already there on DCs (or maybe DCs that are also GCs) - albeit on different ports.
The second issue is the lack of any detail about how to add the generated certificate to Windows Server so it becomes available to whatever services those LDAP requests. It may be that the certificate becomes active automatically after generation. But the article doesn't mention if or how that happens.
And the article completely falls apart when it instructs the reader to copy the key into the Java Runtime Environment store. That's the first mention of Java, which is probably not installed on most Windows servers. There are no instructions to install Java or a disclaimer like "this example requires a Windows Server with Java Runtime Environment (JRE) already installed".
The author might be referring to the computer running the client making the LDAPS queries, rather than the Windows Server that is servicing those queries. If that is the case, the switch between focusing on one computer (the LDAP server) and the other computer (the LDAP client) is completely omitted.
The article doesn't contain sufficient information for most of us to achieve the goal described in the title.