
Firewall considerations for populating an AD forest


  • Firewall considerations for populating an AD forest

    Hi,

    There may be a need to look after two other geographically located AD domains from the one where I am located. None of them are currently connected. So I am looking at the possibility of bringing the two domains that are remote to me into a single forest with my local domain.

    What are the firewall considerations of doing this, so that the three domains can see each other? What changes would need to be done on the three firewalls so that they can securely pass Active Directory information between each other, and also, so that they can securely see each other's file shares? Is it enough to NAT the servers and restrict access to them by incoming IP address? What security concerns and procedures should be set up and enabled?

    Thank you.

  • #2
    Re: Firewall considerations for populating an AD forest

    Have you not been able to find the MS knowledge base that specifically outlines what firewall ports AD needs?
    Please do show your appreciation to those who assist you by leaving Rep Point



    • #3
      Re: Firewall considerations for populating an AD forest

      First off, you'll need to change the port that the RPC Endpoint Mapper service uses from a dynamic to a static one.
      Link below on how to do that, as well as additional ports needed for AD replication.
      http://support.microsoft.com/kb/224196
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR
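An added example, not part of the thread: one way to act on reply #3 from each domain controller. It pins the RPC ports that AD replication and Netlogon would otherwise be assigned dynamically (the endpoint mapper itself stays on TCP 135), then checks that the peer DCs answer on the TCP ports the site firewalls need to pass. The port numbers 50000/50001 and the peer host names are assumptions; substitute your own.

```powershell
# Added example: run elevated on each domain controller.
# Assumed values (not from the thread): the fixed ports and the peer DC names.
$NtdsPort     = 50000   # AD replication RPC port (assumed choice)
$NetlogonPort = 50001   # Netlogon RPC port (assumed choice)
$PeerDCs      = @('dc1.siteb.example', 'dc1.sitec.example')   # constructed names

$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Pin the two RPC services to fixed ports so the site firewalls can allow
# two known ports between DCs instead of the whole dynamic RPC range.
New-ItemProperty -Path "$svc\NTDS\Parameters" -Name 'TCP/IP Port' `
    -PropertyType DWord -Value $NtdsPort -Force | Out-Null
New-ItemProperty -Path "$svc\Netlogon\Parameters" -Name 'DCTcpipPort' `
    -PropertyType DWord -Value $NetlogonPort -Force | Out-Null
# Restart the DC for the new ports to take effect.

# TCP ports to permit between the DCs only (source and destination = DC addresses).
$ports = @(
    [pscustomobject]@{ Port = 53;            Use = 'DNS' }
    [pscustomobject]@{ Port = 88;            Use = 'Kerberos' }
    [pscustomobject]@{ Port = 135;           Use = 'RPC endpoint mapper' }
    [pscustomobject]@{ Port = 389;           Use = 'LDAP' }
    [pscustomobject]@{ Port = 445;           Use = 'SMB (SYSVOL, file shares)' }
    [pscustomobject]@{ Port = 464;           Use = 'Kerberos password change' }
    [pscustomobject]@{ Port = 636;           Use = 'LDAPS' }
    [pscustomobject]@{ Port = 3268;          Use = 'Global catalog' }
    [pscustomobject]@{ Port = $NtdsPort;     Use = 'AD replication (pinned)' }
    [pscustomobject]@{ Port = $NetlogonPort; Use = 'Netlogon (pinned)' }
)

# After the restart, confirm each peer answers on every port. This assumes the
# peers were pinned to the same two ports. Test-NetConnection tests TCP only;
# the UDP ports AD also uses (53, 88, 123, 389, 464) are not covered here.
$results = foreach ($dc in $PeerDCs) {
    foreach ($p in $ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Port `
                 -WarningAction SilentlyContinue
        [pscustomobject]@{ Peer = $dc; Port = $p.Port; Use = $p.Use
                           Open = $t.TcpTestSucceeded }
    }
}
$results | Format-Table -AutoSize
```

A row showing `Open = False` once all three sites are configured points at that site's firewall rule or at a DC that was not pinned or restarted.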
