CUCM and CUC LDAP Sync Error, null

I recently tried to connect to a customer’s Active Directory server to sync users and groups as per normal. However, on this occasion I received an "Error While connecting to LDAP… , null". I tried entering a different password to see if I was actually getting into the LDAP server, and I received a username/password error. I also tried changing the port to 3268, as the Domain Controller I was trying to access was also a Global Catalog server. However, I received the same null error.


I started digging around and found two things. The Domain Controller had been moved to another general OU and was not sitting in the default Domain Controllers OU, where the Domain Controllers GPO could be applied; surely this can’t be right. The GPO being applied to the Domain Controller had a few Security Options manually configured. The one I was interested in was "Domain controller: LDAP server signing requirements", which had been configured to “Require Signing”. Why this had been manually configured, I have no idea.

I had the Domain Controller object returned to the Domain Controllers OU. The Default Domain Controllers GPO had the above setting defined as NONE. This was the default setting.


After forcing the update with GPUPDATE /FORCE, then logging off and back on... Voilà! I could now sync my CUCM and CUC servers to the Active Directory OU structure.

Also check the local security policy (gpedit.msc) on the Domain Controller to confirm the above setting is being applied; it was greyed out, which meant the governing GPO had been pushed down.
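The checks described above can also be run from PowerShell on the Domain Controller. This is an added example, not part of the original post; it assumes an elevated session with the ActiveDirectory module installed, and reads the `LDAPServerIntegrity` registry value that backs the "LDAP server signing requirements" policy.

```powershell
# Added example: run elevated on the Domain Controller being checked.
# Assumption: the ActiveDirectory (RSAT) module is available.
Import-Module ActiveDirectory

# 1. Is the DC's computer object still in the default Domain Controllers OU?
$dc       = Get-ADComputer -Identity $env:COMPUTERNAME
$expected = (Get-ADDomain).DomainControllersContainer
$parent   = $dc.DistinguishedName -replace '^CN=[^,]+,', ''
if ($parent -ne $expected) {
    Write-Warning "DC object is in '$parent', expected '$expected'"
} else {
    "DC object is in the default container: $expected"
}

# 2. Effective value behind "Domain controller: LDAP server signing requirements".
#    1 = None, 2 = Require signing. With 2, simple binds over an
#    unencrypted connection are rejected by the DC.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$prop = Get-ItemProperty -Path $key -Name LDAPServerIntegrity -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    'LDAPServerIntegrity is not set in the registry'
} elseif ($prop.LDAPServerIntegrity -eq 2) {
    'LDAP server signing requirements: Require signing'
} elseif ($prop.LDAPServerIntegrity -eq 1) {
    'LDAP server signing requirements: None'
} else {
    "LDAPServerIntegrity has unexpected value $($prop.LDAPServerIntegrity)"
}

# 3. Which GPOs are actually applied to this computer.
gpresult /r /scope computer

# 4. Directory Service events about unsigned or simple binds:
#    2886/2887 are logged while signing is not required,
#    2888 counts binds rejected while signing is required,
#    2889 names the client (only logged when LDAP interface
#    diagnostic logging has been raised on the DC).
Get-WinEvent -FilterHashtable @{
    LogName = 'Directory Service'; Id = 2886, 2887, 2888, 2889
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```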
