How to check LDAPS certificate and TLS version

Get OpenSSL (a list of 3rd party sites here; I went with this one). The connect to your DC thus:

To test a specific version add a switch like -tls1_2 or -tls1_1. If it fails you get an error like this (this was me asking for TLS1.1):

Hope that helps someone!

Update: Just for completeness, here are the regkeys to enable/ disable various TLS versions in Windows.