ADsOpenObject bind unsuccessful with ADS_USE_SSL

Question

I am trying to connect to an AD server from a computer that is outside the domain. the connection is working fine if i am trying with the flags ADS_SECURE_AUTHENTICATION | ADS_READONLY_SERVER

but when i am trying to add the use_ssl flag, its fail.

HRESULT hr = ADsOpenObject(
            Path,
            "administrator",
            "password",
            ADS_USE_SSL | ADS_SECURE_AUTHENTICATION | ADS_READONLY_SERVER, //  Use Secure Authentication, allow readonly servers
            IID_IADs,
            (void**)&pObject
            );

the return value is: -2147016646 i look for it and found that in hex it mean ldap server is down, but it on.

i did install the certificate on the computer i am trying to connect from.

Thanks.

@MathiasR.Jessen i did check it with [code] (new-object Net.Sockets.TcpClient).Connect("domain.com", 636) [code] and it looks fine. — Tom20200, Aug 10 '20 at 13:55

score 0 · Answer 1 · answered Jan 19 '22 at 00:01

0

You should specify the domain name as follows: domain_name\user_name (NT format)

answered Jan 19 '22 at 00:01

Eric

1

You could probably add this answer as a comment. – biqarboy Jan 19 '22 at 01:54
1

@biqarboy If you consider this an answer, then why do you recommend to misuse a comment for this? (And you are of course aware that this user cannot comment yet, aren't you? Also, are you aware that you can edit or delete your comments? No need to post a nearly identical one within on minute...) – Yunnosch Feb 12 '22 at 11:52
@Yunnosch, I agree with you. (i) The identical comments were a mistake. (ii) I was unaware that the user can not comment yet (sorry, I should probably know about the policy first). (iii) Also, a single line could be an appropriate answer, and one should not misuse a comment for that. I was thinking an answer should contain more elaborate discussion, such as what was wrong and how to avoid such a scenario. But, solutions could be concise without much explanation. I probably made such similar comments in other posts. So I will remove those comments as well. – biqarboy Feb 13 '22 at 04:16
Thanks for bringing this to my attention. – biqarboy Feb 13 '22 at 04:16
A single line can be an answer which cannot be flagged as "not an answer". A good answer (one which can expect upvotes) in most cases requires more information. You are quite right with that. @biqarboy – Yunnosch Feb 13 '22 at 09:50

ADsOpenObject bind unsuccessful with ADS_USE_SSL

1 Answers1