The persistent state of a DC does not include the certificates that are necessary to authenticate the DC when a client makes an LDAPS (LDAP over SSL/TLS) connection. A DC obtains the certificates it needs by querying the operating system for them at startup. This operation provides a means for the requester to request that the DC repeat the query to the operating system for the certificates—for example, if the available certificates have changed since startup. The requester must have the "Reload-SSL-Certificate" control access right on the nTDSDSA object for the DC.
An LDAP Modify of the renewServerCertificate attribute causes the DC to query the operating system for certificates. When the operation returns, the DC has performed the query and the certificates it found are available for use in LDAPS connections.
The type of modification can be add or replace, and the values specified in the LDAP modify operation do not matter.
The following shows an LDIF sample that performs this operation.
dn: changetype: modify add: renewServerCertificate renewServerCertificate: 1 -