c# - How do I construct a DirectoryEntry with both a specific domain controller and a SID for a user or group?
The scenario I'm faced with is that I need to access Active Directory properties for a user, and the groups they are a member of, from a web server in a DMZ that is not joined to the domain. Our infrastructure team have opened up LDAPS connectivity to one specific domain controller for this purpose, and I can call it by its DNS name. (I wrote code using PrincipalContext, but it was generating referred queries to other domain controllers and failing due to firewall restrictions, hence I'm dropping down to the lower-level DirectoryServices API.)
Specifically, I want to be able to ask a specific domain controller for the list of members of a security group whose SID I have as a string.
I can connect to a specific domain controller and create a root DirectoryEntry like this:
var root = new DirectoryEntry("LDAP://mydc.mydomain.com");
...and from there I can create a DirectorySearcher to search for a group by name, like so:
var searcher = new DirectorySearcher(root) { Filter = "(&(objectCategory=group)(cn=group name))" };
This works fine, but I'm struggling to find the equivalent syntax for searching by SID. The threads I've found suggest a syntax for directly instantiating a DirectoryEntry based on the SID itself:
new DirectoryEntry(string.Format("LDAP://<SID={0}>", sid))
...but I can't find an example where I can specify both the domain controller to use for the search and the SID to search for. I'd be grateful if anyone could give me a nudge in the right direction.
I figured it out:
var root = new DirectoryEntry(string.Format("LDAP://mydc.mydomain.com/<SID={0}>", sid));
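An added example, not part of the original post: the same lookup done as a DirectorySearcher query against the one reachable domain controller over LDAPS, with referral chasing turned off so the query stays on that server. The class name, the GetMemberDns helper, the LDAP_BIND_PW environment variable and the sample SID are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class GroupMembersBySid
{
    // Escaped binary form of a string SID, for use in an (objectSid=...) search filter.
    // Parsing through SecurityIdentifier also keeps arbitrary text out of the filter.
    public static string SidToFilterValue(string sid)
    {
        var parsed = new SecurityIdentifier(sid);   // throws ArgumentException if malformed
        var bytes = new byte[parsed.BinaryLength];
        parsed.GetBinaryForm(bytes, 0);
        var sb = new StringBuilder(bytes.Length * 3);
        foreach (byte b in bytes) sb.Append('\\').Append(b.ToString("X2"));
        return sb.ToString();
    }

    // Hypothetical helper: member DNs of the group with this SID, asked of one DC only.
    public static List<string> GetMemberDns(string dcHost, string user, string password, string sid)
    {
        // LDAPS on 636; ServerBind because the path names a server rather than a domain.
        var auth = AuthenticationTypes.SecureSocketsLayer | AuthenticationTypes.ServerBind;
        var members = new List<string>();
        using (var root = new DirectoryEntry("LDAP://" + dcHost + ":636", user, password, auth))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=group)(objectSid=" + SidToFilterValue(sid) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.ReferralChasing = ReferralChasingOption.None; // stay on this DC
            searcher.PropertiesToLoad.Add("member");
            SearchResult group = searcher.FindOne();
            if (group == null) return members;                     // no such group on this DC
            foreach (object dn in group.Properties["member"]) members.Add((string)dn);
        }
        return members;
    }

    static void Main(string[] args)
    {
        // Constructed sample SID, used only to show the filter encoding offline.
        Console.WriteLine(SidToFilterValue("S-1-5-21-1111111111-2222222222-3333333333-1105"));
        if (args.Length != 3) return; // usage: <dcHost> <user> <groupSid>
        string pw = Environment.GetEnvironmentVariable("LDAP_BIND_PW"); // hypothetical name
        foreach (string dn in GetMemberDns(args[0], args[1], pw, args[2]))
            Console.WriteLine(dn);
    }
}
```

Active Directory returns at most 1500 values of the member attribute in one read by default, so larger groups need ranged retrieval (member;range=...) on top of this.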