How to check if the AD Broker connects to the LDAP server

In this topic, you will learn how to check if the Portnox™ Active Directory Broker connects correctly to your on-premises LDAP server.

To check if the on-premises LDAP server is reachable, you can use the following methods.

Test-NetConnection

  1. Open a PowerShell window.
  2. Type the following PowerShell command:
    Test-NetConnection -ComputerName LDAP_HOST -Port LDAP_PORT -InformationLevel Detailed

    Where:

    • LDAP_HOST: The hostname or IP address of the on-premises LDAP server
    • LDAP_PORT: The port number of the on-premises LDAP server

If the test succeeds, the LDAP server is running and reachable on that port. To test access to that LDAP server, use one of the following methods.

Ldp

  1. If you use Windows Server: install the ldp tool by adding one of the following features, AD DS Snap-Ins and Command-Line Tools or AD LDS Snap-Ins and Command-Line Tools:
    1. In the Server Manager > Dashboard window, click on the Manage top menu and select the Add Roles and Features option to open the Add Roles and Features Wizard.

    2. In the Installation Type step, select the Role-based or feature-based installation option and then click on the Next button.
    3. In the Server Selection step, select the server to configure from the list and then click on the Next button.
    4. In the Server Roles step, click on the Next button.
    5. In the Features step, make sure that at least one of the following features is selected: Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > AD DS tools > AD DS Snap-Ins and Command-Line Tools or Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > AD LDS Snap-Ins and Command-Line Tools.
    6. In the Confirmation step, click on the Install button.
  2. If you use Windows 10 or 11: install the ldp tool by adding the following feature, RSAT: Active Directory Domain Services and Lightweight Directory Services Tools:
    1. Open the Windows Settings app and in the Find a setting field, type optional features. Then, select the Add an optional feature option from the list below.
    2. In the Optional features pane, click on the Add a feature button.
    3. In the Add an optional feature pane, in the Find an available optional feature field, type rsat. Then, select the RSAT: Active Directory Domain Services and Lightweight Directory Services Tools feature and click on the Add button.
  3. Run the ldp tool.

  4. Click on the Connection > Connect... menu option.

  5. In the Connect window, in the Server field, enter the hostname of your AD server, leave the default number of the LDAP Port (389) or change it if your server uses a custom port number, and then click on the OK button.

    Important: If you want to troubleshoot an SSL connection, activate the SSL checkbox and type 636 as the Port. If a regular connection works, but an SSL connection fails, make sure that you have imported the certificate of the AD server on the AD Broker machine, including the whole certificate chain. Also, make sure that you are connecting to the same host name as the one specified in the certificate. For example, connecting to an IP address instead of the host name will not work.
  6. Click on the Connection > Bind... menu option.

  7. In the Bind window, enter your AD Broker user credentials and domain name, select the Bind with credentials option, and then click on the OK button.

    If you cannot connect, it means that your LDAP credentials are incorrect.

  8. Click on the View > Tree menu option.

  9. In the Tree View window, enter your BaseDN and click on the OK button.

    For example, for a domain vorlon.com, the LDAP BaseDN is DC=VORLON,DC=COM. Learn more on ldap.com.

  10. Explore the LDAP catalog for any required information.
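
The reachability check and the ldp bind test above can be scripted in one place so that a network failure, a wrong credential and a failed LDAPS certificate check are reported as distinct outcomes. The following PowerShell function is an added example, not part of the Portnox documentation or product; the function name Test-LdapBind and the host dc01.vorlon.com are assumptions, and the bind account is whatever you supply at the Get-Credential prompt.

```powershell
# Added example: TCP reachability followed by an LDAP bind, the same two checks
# the procedure performs by hand with Test-NetConnection and ldp.exe.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapBind {
    param(
        [Parameter(Mandatory)] [string] $Server,   # with -UseSsl this must match the certificate's host name
        [int] $Port = 389,                         # 636 for LDAPS
        [switch] $UseSsl,
        [Parameter(Mandatory)] [pscredential] $Credential   # the AD Broker bind account (DOMAIN\user)
    )

    # Stage 1: is the LDAP port reachable at all? (same as the Test-NetConnection step)
    $tcp = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        return [pscustomobject]@{ Server = $Server; Port = $Port; Stage = 'TCP'; Result = 'Unreachable'; Detail = $null }
    }

    # Stage 2: bind with credentials, as in ldp.exe Connection > Bind... (Negotiate, so the password is not sent in clear)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port, $false, $false)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    $conn.SessionOptions.ProtocolVersion = 3
    if ($UseSsl) { $conn.SessionOptions.SecureSocketLayer = $true }   # LDAPS; the server chain must be trusted locally

    try {
        $conn.Bind($Credential.GetNetworkCredential())
        return [pscustomobject]@{ Server = $Server; Port = $Port; Stage = 'Bind'; Result = 'OK'; Detail = $null }
    } catch [System.DirectoryServices.Protocols.LdapException] {
        # 49 = invalidCredentials: the path works, the account or password does not.
        # 81 = serverDown: with SSL on a port that TCP already reached, this is usually the TLS handshake
        #      failing (untrusted chain or host name mismatch), which is what the Important note describes.
        $stage = switch ($_.Exception.ErrorCode) {
            49      { 'Credentials' }
            81      { if ($UseSsl) { 'TLS (check certificate chain and host name)' } else { 'LDAP' } }
            default { 'LDAP' }
        }
        return [pscustomobject]@{ Server = $Server; Port = $Port; Stage = $stage; Result = 'Failed'; Detail = $_.Exception.Message }
    } finally {
        $conn.Dispose()
    }
}

# Usage with constructed values: check the plain and the LDAPS listener with the AD Broker account
$cred = Get-Credential -Message 'AD Broker bind account (DOMAIN\user)'
Test-LdapBind -Server 'dc01.vorlon.com' -Port 389 -Credential $cred
Test-LdapBind -Server 'dc01.vorlon.com' -Port 636 -UseSsl -Credential $cred
```

Run it on the AD Broker machine itself, since that is the host whose certificate store and DNS resolution the broker actually uses.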

Active Directory Explorer

  1. Download and run the Active Directory Explorer application.
  2. Connect to the Active Directory LDAP server using the credentials that you use for AD Broker.

    If you cannot connect, it means that your LDAP credentials are incorrect.

  3. Explore the LDAP catalog for any required information.