When the SMS server authenticates login requests with Active Directory, you may want to secure the information passed between the two servers by encrypting the information. This is accomplished by enabling SSL-based encrypted communications between an Active Directory authentication server and the SMS server along with importing an SSL security certificate from the Active Directory server onto the SMS Server. The SMS server accepts RSA X.509 certificates. The certificate file can be in either PEM or DER format.
Note: The SMS server AD authentication process, does not support multiple or nested domain authentication.
SMS and High Availability
When SMS is configure to operate in HA mode and SMS client authentication occurs through an AD server, the SMS HA configuration must make use of the shared virtual management IP address and that IP address must be set in the AD server as a location from which to accept authentication requests.