Recently, I have encountered an issue with Active Directory, LDAPS and multiple Server authentication certificates in the default computer certificate store of my domain controllers. The LocalComputer certificate store contained one certificate for AD LDAPS and the other was dedicated
Play with group policy, XML and Powershell
DNS forwarder setting healthcheck
Cleanup your Group Policies with Powershell
List installed certificate properties on remote computers
Automatic HTTPS WinRM Listener creation
Active Directory Functional Domain level check
Get the Active Directory functional levels/FSMO roles forest wide
Password never expires status
List AD domain controller KDC certificates
Kerberos uses certificates to encrypt communication between the Kerberos client and the Kerberos Key Distribution Center (KDC). If you’re domain controllers use certificate for KDC you can list them by runnning this script: $domains = (Get-ADForest).domains $dcs = (Get-ADForest).globalcatalogs $list