Yashy asked:

How to access domain controller, from outside (i.e. from the internet, outside of the WAN)?

hi guys

we're trying to configure a cloud based application to synchronise itself with our LDAP server, which is on the LAN IP. We've opened up the firewall ports also.

However, there's a section on this cloud application where you have to fill in the LDAP host name. It definitely doesn't work when I put just the external IP in there. My question is, what do I put in there? How would it know how to look for our domain controller from the internet?

I've attached a screenshot.


Last comment: 8/22/2022 - Mon

For starters you would need to forward port 389 to your server. Or is that what you meant by "opened up firewall ports"? What type of router do you have?

Interesting you brought this up.

I found this URL not too long ago:


I hope it helps you.

Yes, I have opened up our firewall. It's a Sonicwall NSA 3500. It's port forwarding port 389 to our server.

I just don't know what to put into the LDAP server section. It doesn't work with in there, as it probably has no clue where is. So should I be putting our external facing public IP in there?


Yes, put your outside-facing IP there, then your router will redirect that to

Suliman Abu Kharroub

It's better to set up a VPN server in your firewall (SonicWall) and connect VPN from the client.

More secure and best practice.

Note: LDAP needs a lot of ports to be opened not only 389.

How would I connect with VPN?

It's a cloud-based service, so it would mean they would have to set up a VPN to our site, right?

Also, I thought LDAP was only port 389. That's what the provider has asked me to open up, strangely enough.

Does that mean it didn't work? If not, remember to open the firewall ports on Windows Server if that's not what you meant in your original post. Also try doing an LDAP query against your server from within your network, to make sure everything is OK there.

No, it didn't work when we put in the public-facing IP address followed by port 389. We've opened the firewall and have done the NAT policy. Still though, they can't telnet to that port 389.

However, I can telnet to that server from internally. I get a feeling it could be firewall related on our NSA 3500?
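The two replies above come down to one diagnostic: does whatever answers on port 389 actually complete an LDAP bind? Telnet only proves that a TCP connection opens. The script below is an added example written for this thread, not code posted by anyone in it. It hand-encodes an LDAP v3 simple bind in BER (RFC 4511) with only the Python standard library, so the same script can be run once from a machine inside the LAN against the DC and once from outside against the public IP: "tcp-unreachable" points at the NAT policy or firewall, while any LDAP resultCode (even invalidCredentials) proves the LDAP service itself was reached. The host name, DN and password are placeholders, and the sample server reply at the bottom is constructed so the parser can be exercised offline.

```python
"""Added example for this thread: a stand-alone LDAP v3 simple-bind probe.

Sends one BindRequest and decodes the BindResponse, distinguishing
"nothing answers" (NAT / firewall) from "the DC replied with a resultCode".
Everything is BER-encoded by hand (RFC 4511), standard library only.
All hosts, DNs and passwords are placeholders, not values from the thread.
"""
import socket

# BER tags used by the two messages handled here
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_ENUMERATED = 0x0A
TAG_SEQUENCE = 0x30
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
TAG_BIND_RESPONSE = 0x61  # [APPLICATION 1], constructed
TAG_SIMPLE_AUTH = 0x80    # [0] primitive: simple (clear-text) password

# LDAP resultCode values relevant to a bind (RFC 4511, section 4.1.9)
RESULT_NAMES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    49: "invalidCredentials",
}


def ber_len(n):
    """Encode a BER length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    """Tag + length + value."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n):
    """Non-negative INTEGER; a leading 0x00 stops the top bit reading as a sign."""
    body = n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big")
    return tlv(TAG_INTEGER, body)


def bind_request(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    op = tlv(TAG_BIND_REQUEST,
             ber_int(3)
             + tlv(TAG_OCTET_STRING, dn.encode())
             + tlv(TAG_SIMPLE_AUTH, password.encode()))
    return tlv(TAG_SEQUENCE, ber_int(message_id) + op)


def read_tlv(buf, pos):
    """Decode the TLV at buf[pos]; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(buf):
    """Return (message_id, result_code, diagnostic_message) from a raw LDAPMessage."""
    tag, msg, _ = read_tlv(buf, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg, 0)
    tag, op, _ = read_tlv(msg, pos)
    if tag != TAG_BIND_RESPONSE:
        raise ValueError("expected BindResponse, got tag 0x%02x" % tag)
    _, code, pos = read_tlv(op, 0)        # resultCode ENUMERATED
    _, _matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)        # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode(errors="replace")


def ldap_bind_check(host, port, dn, password, timeout=5):
    """Connect, send one simple bind and name the outcome.

    'tcp-unreachable' means the port never answered (look at NAT / firewall);
    any LDAP result name means the DC itself replied."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(bind_request(1, dn, password))
            data = s.recv(4096)           # a BindResponse is small; one read is enough
    except OSError:
        return "tcp-unreachable"
    if not data:
        return "closed-without-reply"
    _, code, diag = parse_bind_response(data)
    if diag:
        print("server said:", diag)
    return RESULT_NAMES.get(code, "resultCode %d" % code)


# Constructed sample reply: the shape a DC sends back for a wrong password (resultCode 49).
SAMPLE_INVALID_CREDS = tlv(TAG_SEQUENCE, ber_int(1) + tlv(
    TAG_BIND_RESPONSE,
    tlv(TAG_ENUMERATED, b"\x31")
    + tlv(TAG_OCTET_STRING, b"")
    + tlv(TAG_OCTET_STRING, b"constructed sample: invalid credentials")))

if __name__ == "__main__":
    # Placeholder values: run once inside the LAN, once from outside against the public IP.
    print(ldap_bind_check("dc.example.internal", 389,
                          "cn=ldap-sync,cn=Users,dc=example,dc=internal", "placeholder"))
    print(parse_bind_response(SAMPLE_INVALID_CREDS))
```

Note on the design: this is a simple bind, so the DN and password travel in clear text over port 389, exactly as they would from the cloud provider once the port is forwarded; that is the practical reason the VPN suggestion earlier in the thread is the safer route, and it is also why the probe should be run with a throwaway or dedicated sync account rather than an admin one.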
Suliman Abu Kharroub

Some firewalls have a filtering mechanism to filter traffic; it could be the problem.

You need to disable LDAP filters on the firewall.
