
Active Directory Network Ports

  • Active Directory Network Ports

    Hi
    Gurus,
    Newbie here

    I want to inquire about what network ports should be allowed on a Windows 2003 SP2 domain controller in order to allow

    "MACHINE JOINS TO A DOMAIN" and
    "USERS AUTHENTICATING ON DOMAIN CONTROLLER"

    Please specify the minimum ports required on both the DC and the domain client system.

    I would be just testing in VMware and using the built-in Windows Firewall.

    I had referred to the
    ACTIVE DIRECTORY NETWORK PORTS SECTION mentioned in the
    following document, but that didn't work out for me
    (Client firewall was turned off, only the DC firewall was configured)
    http://support.microsoft.com/kb/832017


    Thanks and Regards
    Blog: http://VirtualizationMaximus.com
    OS ... VirTuaLiZaTioN ... MaxiMuS ... Fair, Good, Better, Best



  • #2
    Re: Active Directory Network Ports

    Hi,

    Take a look here.

    http://support.microsoft.com/kb/555381

    On my firewall at work I configured the following ports from clients toward the DC servers:

    DCE-RPC, DNS, ICMP_ANY, Kerberos, LDAP, NTP, PING, nbdatagram_138, nbname_137, nbsession_139, tcp_445, ldap_udp_389, TCP_1025

    DNS is TCP/53 UDP/53
    DCE-RPC is TCP/135 UDP/135

    I never turn on the Windows Server 2003 firewall, though.

    Hope you work it out; I will also wait for other people's replies.
    Thanks & Regards

    Retaliator

    MCSA/MCSE/CCNA
    Computer Science Graduate



    • #3
      Re: Active Directory Network Ports

      Originally posted by harmandeep
      This refers to another article, which may answer your question: How to configure a firewall for domains and trusts
      ** Remember to give credit where credit is due and leave reputation points where appropriate **



      • #4
        Re: Active Directory Network Ports

        You need to have ports 389 and 636 open.
        Also, your DNS needs to have an SRV record in order for your clients to see the DC. That is done by promoting the DC in an AD-integrated zone.
        Also, when you have a multi-site environment, you need to assign the subnet to the site and assign the DC to the site in order to help clients use the proper DC. That is done in AD Sites and Services.
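
To see which of the TCP ports named in posts #2 and #4 actually get through the DC's firewall, the following can be run from the client; it is an added example, not part of the thread. Port 88 for Kerberos and 123 for NTP are the standard assignments (the thread gives only the service names), and the names `probe`, `check_dc` and `blocked` are made up for this example.

```python
import socket
import sys

# TCP ports named in posts #2 and #4. 88 is the standard Kerberos port
# (the thread gives only the service name); labels are this example's own.
DC_TCP_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "DCE-RPC",
    139: "nbsession_139",
    389: "LDAP",
    445: "tcp_445",
    636: "port 636 from post #4",
    1025: "TCP_1025",
}
# UDP services from the thread (DNS 53, NTP 123, DCE-RPC 135, nbname 137,
# nbdatagram 138, LDAP 389) give no handshake to test, so review those
# firewall rules by hand.


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: rule and service are fine
    except ConnectionRefusedError:
        return "closed"          # RST came back: usually no service listening
    except OSError:
        return "filtered"        # timeout or unreachable: dropped on the way


def check_dc(host, ports=DC_TCP_PORTS, timeout=2.0):
    """Probe every TCP port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in sorted(ports)}


def blocked(results):
    """Ports that did not complete a TCP handshake."""
    return [port for port, state in results.items() if state != "open"]


if __name__ == "__main__":
    dc = sys.argv[1]             # DC address, e.g. the VMware guest's IP
    results = check_dc(dc)
    for port, state in results.items():
        print(f"{port:>5}/tcp  {DC_TCP_PORTS[port]:<22} {state}")
    print("not reachable:", blocked(results) or "none")
```

A "filtered" result points at a firewall rule that silently drops the traffic, while "closed" usually means the port is allowed but nothing is listening on it.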
