Using Active Directory as a read-only user store in WSO2 Identity Server is straightforward. It can be treated as a read-only LDAP and configured with slight modifications to the read-only LDAP user store configuration.
However, configuring an AD as a read/write user store needs some additional work, because the update operations need to be run over LDAPS (LDAP + SSL). In this post I will show how to generate a certificate for the AD to be used for the SSL connection. The next post will cover the configuration to be done in WSO2 IS to use this AD.