Problem
Our customers often reports problems if the try to do a ldapsearch from an unjoined computer.
Solution
The most often mistake is not giving the base you want to search:
ldapsearch -D "uid=Administrator,cn=users,dc=testdomain,dc=intranet" -W -H ldap://dc0.testdomain.intranet:7389 -b "cn=users,dc=testdomain,dc=intranet"
-b is the base
Another problem is the port. If you want to search the UCS open LDAP you need to set a 7 before the standard ports. (7636 and 7389)
If you want to communicate encrypted (port 7636) you need to add the rootCA of the UCS domain to your unjoined computer. Please refer your system documentation how to do.
Also seen, the binddn is a dn not only the uid. (see example -D)