KC Wong

Reputation: 2479

PowerShell Get-ADUser fails if port 636 is used, but DirectorySearcher works

I have a PowerShell script to get users from my Active Directory server hosted inside VirtualBox.

I've imported the root certificate into my computer's trusted root store. I can connect and query my Active Directory server using JXplorer using both 389 and 636 (SSL).

The script:

# ActiveDirectory module cmdlet; -AuthType 0 is Negotiate, -Server takes host[:port]
Get-ADUser -AuthType 0 -LDAPFilter "(objectClass=user)" -SearchBase "CN=Users,DC=win2022,DC=kcwong,DC=igsl" -Server "WIN-EF20VIM8EIQ.win2022.kcwong.igsl:636" -Credential "Administrator"
# Password is entered correctly in the dialog that pops up

# ADSI/System.DirectoryServices equivalent: bind to the same container over port 636 with an explicit username/password
$LDAP = New-Object System.DirectoryServices.DirectoryEntry("LDAP://WIN-EF20VIM8EIQ.win2022.kcwong.igsl:636/CN=Users,DC=win2022,DC=kcwong,DC=igsl", "Administrator", "[Password here]")
$Searcher = New-Object System.DirectoryServices.DirectorySearcher($LDAP)
$Searcher.SearchScope = "Subtree"
$Searcher.Filter = "(objectClass=user)"
$Searcher.FindAll()

When I execute it, the results are:

PS C:\KC\Projects\Fubon Bank\Script> .\LDAPExport.ps1
Get-ADUser : Server instance not found on the given port.
At C:\KC\Projects\Fubon Bank\Script\LDAPExport.ps1:69 char:1
+ Get-ADUser -AuthType 0 -LDAPFilter "(objectClass=user)" -SearchBase " ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ArgumentException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser


Path                                                                                                  Properties
----                                                                                                  ----------
LDAP://WIN-EF20VIM8EIQ.win2022.kcwong.igsl:636/CN=Administrator,CN=Users,DC=win2022,DC=kcwong,DC=igsl {logoncount, c...
LDAP://WIN-EF20VIM8EIQ.win2022.kcwong.igsl:636/CN=Guest,CN=Users,DC=win2022,DC=kcwong,DC=igsl         {logoncount, c...
LDAP://WIN-EF20VIM8EIQ.win2022.kcwong.igsl:636/CN=krbtgt,CN=Users,DC=win2022,DC=kcwong,DC=igsl        {logoncount, c...
LDAP://WIN-EF20VIM8EIQ.win2022.kcwong.igsl:636/CN=test1,CN=Users,DC=win2022,DC=kcwong,DC=igsl         {givenname, co...
LDAP://WIN-EF20VIM8EIQ.win2022.kcwong.igsl:636/CN=test2,CN=Users,DC=win2022,DC=kcwong,DC=igsl         {givenname, co...
LDAP://WIN-EF20VIM8EIQ.win2022.kcwong.igsl:636/CN=test10,CN=Users,DC=win2022,DC=kcwong,DC=igsl        {givenname, co...

PS C:\KC\Projects\Fubon Bank\Script>

So DirectorySearcher works, but Get-ADUser doesn't. Get-ADUser works if I change to port 389.

I don't want to use DirectoryEntry because it seems I cannot use Credential with it. My script is going to be executed in Task Scheduler, so I need some way to protect the password.

There are some similar questions on StackOverflow, but most of them don't have answers. In one question I even found someone saying Get-ADUser doesn't support SSL.

Edit: So I can do this: "Access Windows Task credentials in the PowerShell Script". Have the scheduled task user create a credential file, then I can import it and feed username and password to ADSI.

It'd still be nice to know how to solve Get-ADUser's problem with SSL though.

Upvotes: 0

Views: 955
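The credential-file approach described in the edit, as an added example that is not part of the original post: the scheduled-task account exports the bind credential once with Export-Clixml (the password is protected with DPAPI, so only that user on that machine can read it back), and the script imports it and passes it to DirectoryEntry over LDAPS. The server name and base DN are taken from the question; the file paths, the property list and the CSV output are assumptions.

```powershell
# Added example, not the asker's script. Assumed paths: $CredFile and the CSV target.
param(
    [string]$Server   = 'WIN-EF20VIM8EIQ.win2022.kcwong.igsl',
    [string]$BaseDN   = 'CN=Users,DC=win2022,DC=kcwong,DC=igsl',
    [string]$CredFile = "$env:ProgramData\LDAPExport\ldap.cred.xml"
)

# One-time setup, run interactively AS the scheduled-task account (DPAPI binds
# the encrypted password to that user + machine):
#   New-Item -ItemType Directory -Force "$env:ProgramData\LDAPExport" | Out-Null
#   Get-Credential -UserName 'Administrator' -Message 'LDAP bind' | Export-Clixml $CredFile

$cred  = Import-Clixml -Path $CredFile          # throws for any other user or machine
$plain = $cred.GetNetworkCredential().Password  # DirectoryEntry needs the clear-text string

$path = 'LDAP://{0}:636/{1}' -f $Server, $BaseDN
# SecureSocketsLayer forces LDAPS on 636; Secure keeps the default Negotiate bind.
$authType = [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer -bor
            [System.DirectoryServices.AuthenticationTypes]::Secure
$entry = New-Object System.DirectoryServices.DirectoryEntry($path, $cred.UserName, $plain, $authType)

$searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
$searcher.SearchScope = 'Subtree'
$searcher.Filter = '(&(objectClass=user)(objectCategory=person))'   # skip computer accounts
$searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'givenName', 'sn', 'mail'))
$searcher.PageSize = 500   # paged search, otherwise the server caps results at 1000

# Returns the first value of an attribute, or $null if the object lacks it.
function Get-FirstValue($result, [string]$name) {
    $result.Properties[$name] | Select-Object -First 1
}

try {
    $results = $searcher.FindAll()
    $results | ForEach-Object {
        [pscustomobject]@{
            SamAccountName = Get-FirstValue $_ 'samaccountname'
            GivenName      = Get-FirstValue $_ 'givenname'
            Surname        = Get-FirstValue $_ 'sn'
            Mail           = Get-FirstValue $_ 'mail'
        }
    } | Export-Csv -Path "$env:ProgramData\LDAPExport\users.csv" -NoTypeInformation
}
finally {
    $plain = $null           # drop our reference; the string itself is not scrubbed
    if ($results) { $results.Dispose() }
    $searcher.Dispose(); $entry.Dispose()
}
```

Register the script with a task whose "Run whether user is logged on or not" account is the same one that created the credential file; if the task runs as another account, Import-Clixml fails rather than exposing the password.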

Answers (0)
