Able to authenticate with ldap behind firewall but user query brings no results c#

1

We have opened port 389 in the firewall to one of the root Active Directory servers in one network so that we can authenticate users of a website running on another network (with completely separate domains). I'm using C# for this and I can authenticate the user well with their username and password, but when I try to do a query to get his details, like email and display name, the search returns nothing; the user is just not found at all. I've been looking all over the internet to see why this is happening, but the LDAP protocol just seems so extensive that I would probably have to take training to try to understand why.

Right now I'm testing in a console app with this code:

    using System;
    using System.DirectoryServices;

    class Program {
        static void Main(string[] args) {
            // Credentials taken from the command line for this console test.
            string username = args[0], password = args[1];
            try {
                string container = "DC=my,DC=corp,DC=domain,DC=local";
                var entry = new DirectoryEntry("LDAP://ip_address:389/" + container, username, password);
                // Reading NativeObject forces the bind, so bad credentials throw here.
                object nativeObject = entry.NativeObject;

                Console.WriteLine("Authenticated");

                var searcher = new DirectorySearcher(entry);
                // Parenthesised RFC 4515 filter; username is user input and should be
                // escaped before being placed in a filter.
                searcher.Filter = "(sAMAccountName=" + username + ")";
                var result = searcher.FindAll();
                // FindAll() never returns null; an empty collection means no match.
                if (result.Count == 0) {
                    Console.WriteLine("User " + username + " not found in LDAP.");
                    return;
                }
                foreach (SearchResult res in result) {
                    var resultEntry = res.GetDirectoryEntry();
                    if (resultEntry == null) {
                        Console.WriteLine("Unable to get directory entry for user " + username);
                        return;
                    }
                    Console.WriteLine("SAM: " + resultEntry.Properties["sAMAccountName"].Value);
                }
            }
            catch (Exception ex) {
                Console.WriteLine("Error: " + ex);
            }
        }
    }

The code works perfectly fine if I run it on a machine on the same network as the root LDAP server, but when I run it on the other network with that same container through the firewall, I get this error:

Error: System.DirectoryServices.DirectoryServicesCOMException (0x8007202B): A referral was returned from the server.

However, if I change the container to just:

string container = "DC=domain,DC=local";

then I actually see the text "Authenticated", but then the search returns nothing. If I use that same minimal container and run the code on the same network as the LDAP server I can again authenticate, but the search returns nothing as well.

This tells me that the container is telling it where to search for the user. I'm assuming, though, that the root server responds with a referral to another LDAP server in the forest where the actual query is run from, but possibly, because I'm running the code on a closed network where the firewall is only opened for one root server and not all DCs, the referral cannot be contacted and it all fails.

Is that right? Would this mean that I would have to open the firewall to all DCs on the other network? Isn't there a way to tell the root server to perform the connection itself to the other DC and just get me the data?

Why does authentication work but the query does not?

Sorry, too many questions but I'm lost in this scenario. Appreciate any help!

c#
windows
active-directory
ldap
firewall
asked on Stack Overflow Apr 6, 2016 by SergioCS

1 Answer

0

Are there multiple domains in their forest, and you are only connecting to the root domain?

If so, you'll need to use the global catalog ("GC://" instead of "LDAP://"). Then you won't get referred. But GC is a different port: 3268.

Using "LDAP://" will only get you results from the same domain as that domain controller. Using "GC://" will get you results from the whole forest.

answered on Stack Overflow Apr 6, 2016 by Gabriel Luci
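The lookup rewritten along the lines of this answer, as an added example that is neither the question's nor the answerer's code: it binds to the single firewall-permitted DC over "GC://" on port 3268, escapes the search value before it goes into the filter, and turns off referral chasing so an unreachable DC fails fast instead of hanging. The host name, the forest root DN "DC=domain,DC=local" and the command-line arguments are assumptions.

```csharp
using System;
using System.DirectoryServices;

static class ForestLookup
{
    // Escape user-supplied text per RFC 4515 so it cannot change the filter's shape.
    // Backslash must be replaced first so the escapes it introduces are not re-escaped.
    static string EscapeFilterValue(string value)
    {
        return value.Replace(@"\", @"\5c").Replace("*", @"\2a")
                    .Replace("(", @"\28").Replace(")", @"\29").Replace("\0", @"\00");
    }

    // gcHost: the one DC the firewall allows (assumed to hold the global catalog role).
    // forestRoot: forest root DN, here the question's minimal container (assumed).
    public static SearchResult FindUser(string gcHost, string forestRoot,
                                        string username, string password)
    {
        // GC:// on 3268 answers for the whole forest from this single host, so no
        // referral to another DC is needed; LDAP:// on 389 covers only this DC's domain.
        string path = "GC://" + gcHost + ":3268/" + forestRoot;
        using (var root = new DirectoryEntry(path, username, password, AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(sAMAccountName="
                              + EscapeFilterValue(username) + "))";
            // Only attributes in the GC partial attribute set are returned; mail and
            // displayName are in it by default, so no second hop to another DC is needed.
            searcher.PropertiesToLoad.AddRange(new[] { "sAMAccountName", "mail", "displayName" });
            // The firewall reaches gcHost only: fail fast rather than time out on a referral.
            searcher.ReferralChasing = ReferralChasingOption.None;
            searcher.SearchScope = SearchScope.Subtree;
            return searcher.FindOne(); // null means the account is not in the forest
        }
    }

    static void Main(string[] args)
    {
        // Usage (assumed): ForestLookup <gcHost> <username> <password>
        var res = FindUser(args[0], "DC=domain,DC=local", args[1], args[2]);
        if (res == null) { Console.WriteLine("User not found in forest."); return; }
        foreach (string attr in new[] { "sAMAccountName", "mail", "displayName" })
            Console.WriteLine(attr + ": " + (res.Properties[attr].Count > 0
                                             ? res.Properties[attr][0] : "<not set>"));
    }
}
```

Note that the firewall rule then has to permit TCP 3268 to that DC rather than 389, and the DC must actually be a global catalog server; otherwise the bind itself fails before any search runs.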

User contributions licensed under CC BY-SA 3.0