1. LDAP server signing
domain-controller-ldap-server-signing-requirements
This setting doesn't have any impact on LDAP simple bind through SSL (LDAP TCP/636).
If signing is required, then LDAP simple binds not using SSL are rejected (LDAP TCP/389).
Caution: If you set the server to Require signature, you must also set the client device. Not setting the client device results in loss of connection with the server.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2. Issue
Our AD server is configured with LDAP signing and our client program wants to sync users from some groups, but we found that it automatically uses 389 when we loop group members. This doesn't make sense because we use 3269 to connect to the AD server and get groups and pull users. So can you help find out why? Appreciated!
Sample Code
// System.DirectoryServices.AccountManagement -> GroupPrincipal
PrincipalCollection members = group.Members;
foreach (var member in members) // Microsoft AD Library will automatically use 389
{
    //..............
}
Thanks & Best Regards
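
The following is an added example, not part of the original post and not Microsoft's code: one way to read a group's direct members over a single TLS connection with System.DirectoryServices.Protocols, so that every request stays on the host and port the caller chose. The class and method names are hypothetical, and it assumes the caller passes a TLS LDAP port (such as the 636 mentioned above) and binds with the current Windows identity.

```csharp
// Added example, not from the original post. Host, port and group DN are
// supplied by the caller; nothing here is taken from the poster's environment.
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;

static class GroupMembersOverLdaps   // hypothetical name
{
    // Returns the DNs of the direct members of groupDn, reading the
    // multi-valued "member" attribute in ranges over a single TLS connection.
    public static List<string> GetMembers(string host, int port, string groupDn)
    {
        var members = new List<string>();
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(host, port)))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;  // TLS before any bind
            // Do not follow referrals, so no request leaves this host and port.
            conn.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
            conn.AuthType = AuthType.Negotiate;            // current Windows identity
            conn.Bind();

            int start = 0;
            while (true)
            {
                // Ask for the next slice; "*" means "up to the server's limit".
                var req = new SearchRequest(groupDn, "(objectClass=*)",
                    SearchScope.Base, $"member;range={start}-*");
                var resp = (SearchResponse)conn.SendRequest(req);
                if (resp.Entries.Count == 0) break;

                DirectoryAttribute chunk = null;
                foreach (string name in resp.Entries[0].Attributes.AttributeNames)
                    if (name.StartsWith("member;range=", StringComparison.OrdinalIgnoreCase))
                        chunk = resp.Entries[0].Attributes[name];
                if (chunk == null || chunk.Count == 0) break;  // no (more) members

                foreach (string dn in chunk.GetValues(typeof(string)))
                    members.Add(dn);
                if (chunk.Name.EndsWith("-*")) break;  // server marked the last slice
                start += chunk.Count;
            }
        }
        return members;
    }
}
```

The method returns only direct members as distinguished names; nested groups and members whose primary group is this group are not expanded.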