You want to encrypt LDAP traffic using SSL, TLS, or signing.
Most of the GUI-based tools on a Windows Server 2003, Windows XP, or Windows 2000 SP 3 machine automatically sign and encrypt traffic between the server and client. This includes the following tools:
Active Directory Domains and Trusts
Active Directory Sites and Services
Active Directory Schema
Active Directory Users and Computers
Group Policy Management Console
Also with ADSI Edit, you can specify the port number to use when browsing a partition. View the Settings for a connection by right-clicking on the partition and selecting Settings. Click the Advanced button and enter 636 for LDAP over SSL or 3269 for the global catalog over SSL.
The Windows Server 2003 version of LDP supports encryption using the StartTLS and StopTLS operations, which are available from the Options → TLS menu. With the Windows 2000 version, you can use SSL by going to Connection → Connect and entering 636 or 3269 for the port.
The DS command-line tools support LDAP signing and encryption when
run from Windows Server 2003 or Windows XP against a Windows 2000 SP3
or Windows Server 2003 domain controller. This includes
' This code shows how to enable SSL and secure authentication using ADSI ADS_SECURE_AUTHENTICATION = 1 ADS_USE_SSL = 2 set objLDAP ...