I don't know if you ever heard of Testimo, but it allows you to quickly test for different parts of your Active Directory with minimal effort. With the same little cmdlet, the full forest is scanned for all domains within the forest, and it goes and checks all Domain Controllers in each domain for LDAP. Testimo offers the Sources parameter, which allows you to pick one or multiple tests during a single run. In our case, we're interested in the DomainLDAP test.
Online switch in that cmdlet is optional, and it controls the HTML report use of external resources. Online switch forces the use of CDN resources rather than push everything locally (which makes HTML sources a bit more readable). Feel free to skip it if required.
In the below report, what you see in the left top corner is a basic summary of all tests done and whether all tests passed or some problems occurred. Just below it, it contains a cmdlet that was executed to get the data. On the right, you see a description of the test, few resources to deepen your knowledge about LDAP, and an overall summary of all tests. This is useful if you have 10–50–100–200 domain controllers, and you want to make sure all of those are ok. If those show proper status, there's usually no need to dive into the details. However, the details are also there – just at the bottom of the report.
The report is pretty comprehensive when it comes to testing for LDAP availability. It first does basic LDAP connectivity checks to switch to full LDAP binding with reading certificate information. This means we're able to tell how much time it is for the certificate to expire and need replacement, what names are on the certificate, and which CA is responsible for supplying it, and generally how good or bad the certificate is.
It's effortless to assess whether everything is ok, or something is wrong with coloring in place. In case some parameters are outside of the norm will be marked with red color for verification.