As expected in the world of Microsoft Windows Server 2012 and Active Directory, the interface and methods for managing certain functions have changed. One thing in particular that I often have to do as a result of interfacing with AD through LDAP is to enable a Certificate Authority role in the AD environment so that we can connect and manage objects through LDAP via SSL.
Although this is not any more complicated than in Windows Server 2008, it looks different because everything is now managed through Server Administrator, the new built-in utility to manage all aspects of Windows Server 2012. Fortunately, I took the time to capture screenshots and document the process of enabling a Certificate Authority on a DC, which I have outlined below. Please note that in order for DCs to receive certificates, they will most likely need to be rebooted.
1. Log on to the server that you intend to add the CA role to (in my case this was a DC).
2. Launch the Server Administrator tool (if it did not launch automatically) to get to the dashboard.
3. In Server Administrator, select ADD ROLES AND FEATURES from the MANAGE menu. You will be prompted with a dialog box to confirm that you want to add roles through the wizard. Click NEXT.
4. You will be prompted to select the installation type; choose ROLE BASED OR FEATURE BASED INSTALLATION. Click NEXT.
7. You will see a dialog box prompting you for additional features. Click NEXT.
13. After completing PART 1, you will be returned to a completion screen showing that the Certificate Services role has been installed successfully. Click on CONFIGURE ACTIVE DIRECTORY CERTIFICATE SERVICES ON DESTINATION SERVER.
22. Next you will need to specify where to store the certification database. Again, I recommend leaving the default settings. Click NEXT.
23. Verify your configuration settings, and click CONFIGURE.
24. The configuration will run (should only take a few seconds), and then a confirmation message indicating that the Certificate Services installation SUCCEEDED should appear. Click CLOSE.
25. You will be returned to the Roles and Features installation wizard. Click CLOSE.
26. Reboot the server in order for it to receive a certificate from the CA.
27. Test connecting to the server via an LDAP Browser tool, such as Apache Directory Studio. Connect using LDAPS and port 636. If you can browse the tree, then the LDAP SSL installation was successful.
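
A scripted version of the check in step 27, as an added example that is not part of the original walkthrough: it connects to port 636 trusting only the new CA, then reports hostname and expiry problems in the certificate the DC presents. The host name, the `ca_file` argument (assumed to be the CA's root certificate exported in PEM format) and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
import sys
import time

# Constructed sample in ssl.getpeercert() format (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.example.test"),),),
    "subjectAltName": (("DNS", "dc01.example.test"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

def fetch_ldaps_cert(host, ca_file, port=636, timeout=5.0):
    """Handshake with the LDAPS port, trusting only the CA in ca_file.

    Raises ssl.SSLCertVerificationError if the chain or host name is wrong.
    """
    ctx = ssl.create_default_context(cafile=ca_file)  # system roots are not loaded
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_problems(cert, hostname, now=None, min_days=30):
    """Return a list of findings for a getpeercert()-style dict."""
    now = time.time() if now is None else now
    problems = []
    dns_names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    # Exact match only; wildcard SAN entries are not handled.
    if hostname.lower() not in dns_names:
        problems.append(f"{hostname} not in SAN DNS names {dns_names}")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("certificate is not yet valid")
    if now > not_after:
        problems.append("certificate has expired")
    elif not_after - now < min_days * 86400:
        problems.append(f"certificate expires in {int((not_after - now) // 86400)} days")
    return problems

if __name__ == "__main__":
    # With "host ca.pem" arguments query a live DC; otherwise check the sample.
    if len(sys.argv) == 3:
        host, cert = sys.argv[1], fetch_ldaps_cert(sys.argv[1], sys.argv[2])
    else:
        host, cert = "dc01.example.test", SAMPLE_CERT
    print(cert_problems(cert, host) or f"{host}: no certificate problems found")
```

A failed handshake here means clients that validate certificates will also fail, even if a browser tool that accepts untrusted certificates can still connect.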