We are preparing for Microsoft's March AD update to only allow secure calls using LDAPS, and while checking our .Net code, I discovered that calls to UserPrincipal.GetGroups() appear to use LDAP (port 389) rather than LDAPS (port 636), even if the UserPrincipal object was created with a PrincipalContext established over LDAPS, like so:
```csharp
using System.DirectoryServices.AccountManagement;

// Explicitly using LDAPS (port 636)
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, "our.corpdomain.com:636", "DC=our,DC=corpdomain,DC=com", ContextOptions.Negotiate);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, "someuser");

// These calls still use LDAP (port 389)
var groups = userPrincipal.GetGroups();
```
Does anyone know why this might happen and, if so, how to force the GetGroups() call to use LDAPS? If it can't be forced, are there any workarounds?

I followed the code at the URL below, but it does not give me the MemberGroupID; only the ("memberOf") group names are available. I need a list of MemberGroupIDs.
https://www.gabescode.com/active-directory/2018/06/08/finding-all-of-a-users-groups.html
Note: We have multiple forests and domains in the infrastructure
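Added example (not code from the question or from the linked article) of one workaround: skip UserPrincipal.GetGroups() and read the user's tokenGroups attribute over an LdapConnection that is explicitly bound to port 636 with SSL, which returns the group SIDs rather than names. The host name, domain DN and account name are assumed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Security.Principal;

// Added example: fetch group SIDs over an explicit LDAPS (636) connection
// with System.DirectoryServices.Protocols instead of UserPrincipal.GetGroups().
// Host name, domain DN and sAMAccountName are placeholders for the caller to supply.
public static class LdapsGroupLookup
{
    public static List<SecurityIdentifier> GetGroupSids(string host, string domainDn, string samAccountName)
    {
        // fullyQualifiedDnsHostName = true, connectionless = false; 636 is the LDAPS port
        var identifier = new LdapDirectoryIdentifier(host, 636, true, false);
        using (var connection = new LdapConnection(identifier))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true;   // TLS from the first byte, not StartTLS
            connection.AuthType = AuthType.Negotiate;              // Kerberos/NTLM as the current process identity
            connection.Bind();
            // Step 1: locate the user's distinguished name (filter input is escaped below)
            var userSearch = new SearchRequest(domainDn,
                "(&(objectClass=user)(sAMAccountName=" + EscapeFilter(samAccountName) + "))",
                SearchScope.Subtree, "distinguishedName");
            var userResponse = (SearchResponse)connection.SendRequest(userSearch);
            if (userResponse.Entries.Count == 0) throw new InvalidOperationException("user not found");
            string userDn = userResponse.Entries[0].DistinguishedName;

            // Step 2: tokenGroups is a constructed attribute that the DC only returns for a
            // Base-scope search on the object itself; it lists the SIDs of all security groups
            // the user belongs to, nested memberships included.
            var tokenSearch = new SearchRequest(userDn, "(objectClass=*)", SearchScope.Base, "tokenGroups");
            var tokenResponse = (SearchResponse)connection.SendRequest(tokenSearch);
            var sids = new List<SecurityIdentifier>();
            DirectoryAttribute attr = tokenResponse.Entries[0].Attributes["tokenGroups"];
            if (attr != null)
            {
                foreach (byte[] raw in attr.GetValues(typeof(byte[])))
                    sids.Add(new SecurityIdentifier(raw, 0));
            }
            return sids;
        }
    }

    // Escape the RFC 4515 special characters so caller-supplied input cannot alter the filter
    private static string EscapeFilter(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }
}
```

tokenGroups is computed by the domain controller that answers, so it only covers groups in that user's own forest; with several forests, memberships held in another forest have to be queried against a DC of that forest.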