CompTIA Network+ Certification Guide

Lightweight Directory Access Protocol (LDAP)

Within an organization, there's usually at least one Domain Controller (DC) to centrally manage all of the user accounts, user groups, computers, and even the Group Policy Objects. On the Windows Server platform, there's a role called Active Directory (AD), which handles the management of user accounts (objects). It works like a database, with all of the users' information stored centrally for easy access and management.

Suppose an application or an operating system needs to query user account information held by the Windows Server AD service; LDAP was designed to query and update such directory services. LDAP is not a directory standard but simply a protocol that provides the functionality to query and update the actual directory. In this case, the directory is the Windows AD platform.

By default, LDAP uses TCP and UDP port 389. However, a secure form of LDAP that uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption is available; this is known as LDAPS, which uses port 636.
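As an added example (not from the book), the sketch below audits a constructed list of LDAP client settings against the two default ports described above and reports the endpoints that would send directory queries without encryption. The host names and the `starttls` flag are assumptions; StartTLS is the LDAP operation that upgrades a session on port 389 to TLS.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # defaults given in the text


def audit_ldap_uri(uri, starttls=False):
    """Return (host, port, verdict) for one configured LDAP endpoint.

    starttls is a hypothetical client setting: the session on port 389 is
    upgraded with the LDAP StartTLS operation before credentials are sent.
    """
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return (parts.hostname, parts.port, "not-ldap")
    port = parts.port or DEFAULT_PORTS[scheme]
    other = DEFAULT_PORTS["ldap" if scheme == "ldaps" else "ldaps"]
    if port == other:
        verdict = "mismatch"    # scheme and port disagree; review the setting
    elif scheme == "ldaps" or starttls:
        verdict = "encrypted"   # TLS protects the bind and the query results
    else:
        verdict = "cleartext"   # bind credentials and results are unprotected
    return (parts.hostname, port, verdict)


def findings(config):
    """Keep only the endpoints that are not verifiably encrypted."""
    results = [audit_ldap_uri(uri, tls) for uri, tls in config]
    return [r for r in results if r[2] != "encrypted"]


# Constructed sample configuration (host names are placeholders).
SAMPLE_CONFIG = [
    ("ldap://dc01.example.test", False),
    ("ldaps://dc01.example.test", False),
    ("ldap://dc02.example.test:636", False),
    ("ldap://dc03.example.test", True),
]

if __name__ == "__main__":
    for host, port, verdict in findings(SAMPLE_CONFIG):
        print(f"{host}:{port} -> {verdict}")
```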