Reputation: 69
Is it possible to connect to an AD without knowing the domain or the CN, DC, etc.?
Given a URL like ldap://1.2.3.4 and a username and password, can a bind attempt be made, or must we have the domain or the CN/DN?
Upvotes: 0
Views: 1558
Reputation: 4610
Thank you user207421 for your suggestion.
I tested this in my system and it seems to be possible. Please follow the steps below to apply it.
In the steps below I have shown how I can connect to Active Directory from another server using AD LDAP with just IP, username, and password.
Prerequisite:
• Turn off the firewall for both of the servers which you are going to create.
• Make sure both VMs are under the same VNET and subnet.
Step 1: Created a VM, e.g. VM11, and installed Active Directory and a DNS server. Set the domain name as contoso.com.
Step 2: Created another VM, e.g. VM110.
Step 3: Join your VM110 to the contoso.com domain.
• Add the IP address of VM11 under DNS server in the VNET.
Click on Change to set the domain name of your server. I have already set it up to contoso.com.
Step 4: Installed the Active Directory Lightweight Directory Services on VM110 and tried to connect to the VM11 server to access the Active Directory.
Set up the inbound and outbound port number 389 or 3269 or 636 for both VMs. LDAPS communication occurs over port TCP 636. LDAPS communication to a global catalog server occurs over TCP 3269. I am not able to set the port number as I have a restriction in my subscription; you can try it in your system and then try the further steps below.
Step 5: (i) bind anonymously and search for the DN of the user whose username is X; (ii) try to bind as that DN and password. AD may have some other method.
You can also refer to this document to apply the same.
Upvotes: 1
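The search-then-bind procedure from Step 5, as an added example that is not part of the original answer. It assumes the third-party `ldap3` package, a server that permits the anonymous search, and that "username" means `sAMAccountName`; the function names are hypothetical.

```python
# Added example: authenticate with only host, username and password.

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        # These characters have meaning in a filter and must be hex-escaped,
        # otherwise a crafted username can rewrite the filter.
        out.append('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch)
    return ''.join(out)


def build_user_filter(username: str) -> str:
    """Filter matching one AD user by sAMAccountName (assumed attribute)."""
    return '(&(objectClass=user)(sAMAccountName=%s))' % escape_filter_value(username)


def authenticate(host: str, username: str, password: str) -> bool:
    """host is an IP or an ldap(s):// URL; no domain or base DN is needed.

    Over plain ldap:// a simple bind sends the password in cleartext,
    so prefer an ldaps:// URL where the server offers it.
    """
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513) that a server may report as success: refuse it up front.
    if not username or not password:
        return False
    import ldap3  # imported here so the helpers above work without it

    # get_info=DSA makes ldap3 read the rootDSE when the connection binds.
    server = ldap3.Server(host, get_info=ldap3.DSA)

    # (i) anonymous bind, then search for the user's DN.
    with ldap3.Connection(server, auto_bind=True) as anon:
        # The rootDSE supplies the base DN that the caller did not have.
        base_dn = server.info.other['defaultNamingContext'][0]
        anon.search(base_dn, build_user_filter(username))
        dns = [r['dn'] for r in anon.response if r['type'] == 'searchResEntry']
    if len(dns) != 1:  # unknown or ambiguous user
        return False

    # (ii) bind as the DN that was found, with the supplied password.
    conn = ldap3.Connection(server, user=dns[0], password=password)
    try:
        return conn.bind()
    finally:
        conn.unbind()
```
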