Before generating the LDAPS TLS certificates, configure the Active Directory Forest to trust the certificate chain. Otherwise, there is a risk of breaking the LDAP communications between the various domain controllers. As explained below, the recommended method to configure the LDAPS certificate chain trust is to create a GPO (Group Policy Object) linked to all domains in the Active Directory Forest.