What are the prerequisites for querying Active Directory information from outside the domain using LDAP?

To query AD from outside the domain, you need network access to the Domain Controller’s port 389 (LDAP) and valid credentials for at least one regular domain user. As described in this article, tools like ldapsearch on Kali can then be used with the DN and password to bind and query objects like users, computers, and groups. For environments where AV might interfere, see Bypass AV techniques.