How to pass the port number 3269 to achieve LDAPS?

Question

How to pass the port number 3269 to achieve LDAPS in the case of below?

DirectoryEntry d = new DirectoryEntry("DC=EXAMPLE,DC=COM", username, password);

For LDAPS call, I am able to attach the port number 3269 to domain name and it is working. Below is the sample code which works:

DirectoryEntry d = new DirectoryEntry("LDAP://EXAMPLE.COM:3269", username, password);
DirectorySearcher ds = new DirectorySearcher(d, "sAMAccountName=" + username);
DirectoryEntry de = ds.FindOne().GetDirectoryEntry();

However, if I get the server name like, "DC=EXAMPLE,DC=COM" how can I pass the port number 3269 to achieve LDAPS?

DirectoryEntry d = new DirectoryEntry("DC=EXAMPLE,DC=COM", username, password);

Please suggest, Thanks a lot in advance.

Answer 1

You're describing two different ways of specifying an LDAP path:

1. Using the server name, which includes using just the domain name since DNS will return the IPs of each domain controller. e.g. "LDAP://EXAMPLE.COM:3269"
2. Using the distinguished name of the object on the domain that you want to bind to. e.g. "LDAP://DC=EXAMPLE,DC=COM" (you need the LDAP:// prefix)

However, those are not mutually exclusive. You can use both together by separating them with a /.

But if you're going to use the distinguished name of the root of the domain, then you can just exclude it, since that's the default. But also, if you're connecting to the Global Catalog, you likely don't want to specify any distinguished name, since if you use that DirectoryEntry object in a search, your results will be limited to only that domain, which defeats the purpose of using the GC.

Also, if you want to connect to the Global Catalog, you need to use GC:// instead of LDAP://. By default, GC:// uses port 3268, but if you want to use GC over SSL, then you need to specify the port 3269 like you are.

So this is likely what you want:

var d = new DirectoryEntry("GC://EXAMPLE.COM:3269", username, password);