diff --git a/Windows Settings/LDAPS.md b/Windows Settings/LDAPS.md
new file mode 100644
index 0000000..08ca043
--- /dev/null
+++ b/Windows Settings/LDAPS.md	
@@ -0,0 +1,5 @@
+# LDAPS
+
+**Only relevant if you are using Active Directory.**
+
+Active Directory by default only uses LDAP, which is unencrypted and unverified. You should set up LDAPS. Traditionally, you have to setup a server for key management. However, if you only have Domain Controllers, you may be able to get away with this guide: https://www.dvolve.net/blog/2019/12/using-lets-encrypt-for-active-directory-domain-controller-certificates/
\ No newline at end of file