LDAPS is not used when connecting to Active Directory. Safeguard follows the standard behavior of Windows / Microsoft protocols and attempts to use the highest level of security that the connection will allow. Safeguard connects via LDAP on ports TCP/389 and TCP/3268. These connections use Kerberos / GSS-API and SASL to authenticate and encrypt LDAP communications. This is the same mechanism used by Windows desktop AD logins. Unsecured LDAP is not used.