3.2.5.2 Establishing a Connection to the Domain Controller

An ADConnection initialization operation MUST be performed, as specified in [MS-ADTS] section 7.6.1.1, "Initializing an ADConnection". The TaskInputTargetName input value MUST be taken from RetrievedDomainName, and the TaskInputPortNumber value MUST be 389. The resulting ADCONNECTION_HANDLE object ([MS-DTYP] section 2.2.2, "ADCONNECTION_HANDLE") MUST be stored in ADConnectionHandle.

The following options MUST be set on the ADConnection associated with ADConnectionHandle, using the operation specified in [MS-ADTS] section 7.6.1.2, "Setting an LDAP Option on an ADConnection".

  • LDAP_OPT_PROTOCOL_VERSION MUST be set to 3.

  • LDAP_OPT_ENCRYPT MUST be set to TRUE.

  • LDAP_OPT_SIGN MUST be set to TRUE.

An ADConnection MUST be established using the operation specified in [MS-ADTS] section 7.6.1.3, "Establishing an ADConnection". The TaskInputADConnection value MUST be the ADCONNECTION_HANDLE object ([MS-DTYP] section 2.2.2, "ADCONNECTION_HANDLE") stored in ADConnectionHandle.

Then, the connection handle MUST bind as specified in section 3.1.5.1.

Note: The hostname contained in the RetrievedDomainName data element is resolved to an explicit IP address by the operations in [MS-ADTS] section 7.6.1.1, "Initializing an ADConnection", and [MS-ADTS] section 7.6.1.3, "Establishing an ADConnection".
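The same sequence (initialize with port 389, set protocol version 3 plus sign and encrypt, establish, bind) expressed with the .NET System.DirectoryServices.Protocols LDAP client from PowerShell, as an added example and not code from the specification or from Windows itself. The $DomainName parameter standing in for RetrievedDomainName, the Negotiate (SSPI) bind, and the placeholder host name are assumptions; the bind details of section 3.1.5.1 are not on this page.

```powershell
# Added example, not part of the specification. Requires the .NET assembly below.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Connect-DomainControllerLdap {
    param([Parameter(Mandatory)][string]$DomainName)   # assumed to carry RetrievedDomainName

    # Initialize: TaskInputTargetName = RetrievedDomainName, TaskInputPortNumber = 389.
    # Plain LDAP port: confidentiality and integrity come from SASL sign/seal, not TLS.
    $identifier = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($DomainName, 389)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($identifier)

    # Options are set before the connection is established, in the order the section gives.
    $conn.SessionOptions.ProtocolVersion = 3      # LDAP_OPT_PROTOCOL_VERSION = 3
    $conn.SessionOptions.Sealing = $true          # LDAP_OPT_ENCRYPT = TRUE
    $conn.SessionOptions.Signing = $true          # LDAP_OPT_SIGN = TRUE
    $conn.SessionOptions.SecureSocketLayer = $false

    # Establish and bind. Negotiate is an assumption; sign/seal need an SSPI-based bind,
    # a simple (cleartext password) bind cannot provide them.
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    $conn.Bind()
    return $conn
}

function Test-DomainControllerLdapSession {
    param([Parameter(Mandatory)][System.DirectoryServices.Protocols.LdapConnection]$Connection)

    # Check that the mandated protections are still configured on the session
    # before using it, then confirm the bound session works with a rootDSE read.
    if ($Connection.SessionOptions.ProtocolVersion -ne 3) {
        throw "LDAP protocol version is not 3"
    }
    if (-not ($Connection.SessionOptions.Signing -and $Connection.SessionOptions.Sealing)) {
        throw "LDAP session is not both signed and sealed"
    }
    $request = [System.DirectoryServices.Protocols.SearchRequest]::new(
        $null, '(objectClass=*)',
        [System.DirectoryServices.Protocols.SearchScope]::Base, 'defaultNamingContext')
    $response = $Connection.SendRequest($request)
    return $response.Entries[0].Attributes['defaultNamingContext'][0]
}

# Placeholder host name; replace with the resolved RetrievedDomainName value.
$connection = Connect-DomainControllerLdap -DomainName 'dc.example.local'
Test-DomainControllerLdapSession -Connection $connection
```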