I have a customer that is having issues with LDAP binding. I've installed LDAP server administrator and binding using the "current login account active directory only" works fine. If you try to manually create the login info using info from dsquery and the same domain admin account, it fails saying something about must have an authorized binding. On a closer look, it looks like the bind passed but it fails on the search. I ran portqry and 389 is listening on TCP but not on UDP. I've turned on the Windows firewall and was running the LDAP test locally to the server. We got started on this trying to get LDAP to work on a set of ASAs. TAC spent 2 hrs on it and couldn't figure anything out. They have two DCs in their parent domain and many child domains. DCDIAG looks clean.