LDAPS is not used when connecting to Active Directory. Safeguard follows the standard behavior of Windows / Microsoft protocols and attempts to use the highest level of security that the connection will allow. Safeguard connects via LDAP TCP/389, and uses Kerberos / GSS-API and SASL to authenticate and encrypt LDAP communications. This is the same mechanism used by Windows desktop AD logins. Unsecured LDAP is not used.