How to access domain controller, from outside (i.e. from the internet, outside of the WAN)?

Yashy used Ask the Experts™
hi guys

we're trying to configure a cloud based application to synchronise itself with our LDAP server which is on the LAN IP We've opened up the firewall ports also.

However, there's a section on this cloud application where you have to fill in the LDAP host name. It definitely doesn't work when I put just the external IP in there. My question is, what do I put in there? How would it know how to look at for our domain controller from the internet?

I've attached screenshot.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
For starters you would need to forward port 389 to your server. Or is that what you meant by "opened up firewall ports"? What type of router do you have?
Interesting you brought this up.

I found this URL not too long ago:

I hope it helps you.


Yes, I have opened up our firewall. It's a Sonicwall NSA 3500. It's port forwarding port 389 to our server.

I just don't know what to put into the LDAP server section. It doesn't work with in there, as it probably has no clue where is. So should I be putting our external facing public IP in there?

Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Yes put your outside facing IP there, then your router will redirect that to
Its better to setup a vpn server server in your firewall (sonicwall) and connect VPN from the client.

more secure and best practice.

Note: LDAP needs a lot of ports to be opened not only 389.


How would I connect with VPN?

It's a cloud based service, so it would mean they would have to set up a VPN to our site right?

Also, I thought LDAP was only port 389. That's what the provider has asked me to open up, strangely enough.
Does that mean it didn't work? If not remember to open the firewall ports on Windows server if that's not what you meant in your original post.Also try doing an ldap query against your server from within your network, to make sure everything is OK there.


No, it didn't work when we put in the public facing IP address follwed by port 389. We've opened the firewall and have done the NAT policy. Still though, they can't telnet to that port 389.

However, I can telnet to that server from internally. I get a feeling it could be firewall related on our NSA 3500?
some firewalls has a filttering machinazem to fillter traffic , it could be the problem.

you need to disable ldap fillters on the firewall.
Do you have an access rule on the sonicwall to allow port 389? Also perhaps the application is expecting a URL not an IP, if you don't have a specific URL try setting one up with something like DYNDNS.COM and see if entering that works.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial