Encrypt with an LDT Transformation Policy
Encrypting the AD database with an LDT policy uses the same steps as encrypting with a standard production policy. The only difference is that you select an LDT policy instead of a standard one. See Encrypt by Moving the AD Service into a Guarded Directory for more information for more information.
If your AD service is installed in the default directory, C:\Windows\NTDS
, you must move it to another directory before you can encrypt it.