Hi,
I have a firewall between my Domain Controllers and my clients and I would like to know which ports should I open and the traffic (inbound/outbound) that I should allow so that the AD works correctly.
Thanks a lot for your help.
Oussama
Hello,
For AD authentication, the needed ports are mentioned in this article: http://msmvps.com/blogs/rexiology/archive/2006/04/05/89389.aspx
Port Assignments for Active Directory Replication

Service Name    UDP    TCP
LDAP            389    389
LDAP            -      36
GC              -      3268
Kerberos        88     88
DNS             53     53
SMB over IP     445    445
Reference KB:
http://technet.microsoft.com/en-us/library/bb727063.aspx
http://support.microsoft.com/kb/179442
Regards,
Sandesh Dubey.
-------------------------------
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.
Hi,
"firewall between my Domain Controllers and my clients and I would like to know which ports should I open and the traffic"

Port requirements for client computers and domain controllers communicating with each other:
Active Directory communication takes place using several ports. These ports are required by both client computers and domain controllers. As an example, when a client computer tries to find a domain controller, it always sends a DNS query over port 53 to find the name of a domain controller in the domain.
The following is the list of services and their ports used for Active Directory communication:
UDP port 88 for Kerberos authentication
UDP and TCP port 135 for domain controller-to-domain controller and client-to-domain controller operations
TCP port 139 and UDP port 138 for File Replication Service between domain controllers
UDP port 389 for LDAP to handle normal queries from client computers to the domain controllers
TCP and UDP port 445 for File Replication Service
TCP and UDP port 464 for Kerberos password change
TCP ports 3268 and 3269 for Global Catalog from client to domain controller
TCP and UDP port 53 for DNS from client to domain controller and domain controller to domain controller
Opening the above ports in the firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.
Refer to the link below for the AD DS and replication port requirements:
http://support.microsoft.com/kb/832017
Regards,
Abhijit Waikar.
-------------------------------
MCSA|MCSA:Messaging|MCTS|MCITP:SA
My Blog: http://abhijitw.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.
Hi,
Also make sure you enable ICMP on the firewall, and also the RPC random range: 1024-65000.
Check out my blog; it has tips on reducing the high-port range needed, as well as the standard ports:
http://www.pbbergs.com/windows/articles/FirewallReplication.html
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.
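The port list in Abhijit's reply and the RPC dynamic range in Paul's reply are easy to get subtly wrong when the rules are typed into a firewall by hand, so the following is an added example (not code from any poster in this thread) that encodes that list once, renders the client-to-DC allow rules from it, and probes the TCP ports from a client to find which ones the firewall is still blocking. UDP entries are rendered as rules but not probed, because a plain UDP connect cannot tell "open" from "filtered". Assumptions made here: Kerberos (88) and LDAP (389) are listed as TCP as well as UDP, matching Sandesh's table; the host name `dc01.example.local` is a placeholder; the 1024-65000 range is taken from Paul's reply as-is.

```python
"""Client-to-domain-controller port check (added example, not from the thread).

Run from a client behind the firewall:  python ad_ports.py dc01.example.local
It prints the allow rules implied by the replies above and reports which TCP
ports are not reachable, which is the quickest way to see what the firewall
is still dropping.
"""
import socket
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class AdPort:
    name: str
    port: int
    tcp: bool
    udp: bool


# Consolidated from the replies above. Assumption: 88 and 389 are allowed on
# TCP as well as UDP (Sandesh's table lists both).
AD_PORTS = [
    AdPort("DNS", 53, tcp=True, udp=True),
    AdPort("Kerberos", 88, tcp=True, udp=True),
    AdPort("RPC endpoint mapper", 135, tcp=True, udp=True),
    AdPort("NetBIOS datagram (FRS)", 138, tcp=False, udp=True),
    AdPort("NetBIOS session (FRS)", 139, tcp=True, udp=False),
    AdPort("LDAP", 389, tcp=True, udp=True),
    AdPort("SMB over IP", 445, tcp=True, udp=True),
    AdPort("Kerberos password change", 464, tcp=True, udp=True),
    AdPort("Global Catalog", 3268, tcp=True, udp=False),
    AdPort("Global Catalog SSL", 3269, tcp=True, udp=False),
]

# RPC dynamic range as stated in Paul's reply (placeholder values, adjust to
# what the DCs are actually configured to use).
RPC_DYNAMIC_RANGE = (1024, 65000)


def firewall_rules(ports=AD_PORTS, rpc_range=RPC_DYNAMIC_RANGE):
    """Render one 'client -> dc' allow line per protocol/port, plus the RPC range."""
    lines = []
    for p in ports:
        for proto, enabled in (("tcp", p.tcp), ("udp", p.udp)):
            if enabled:
                lines.append(f"allow client -> dc {proto}/{p.port}  # {p.name}")
    low, high = rpc_range
    lines.append(f"allow client -> dc tcp/{low}-{high}  # RPC dynamic range")
    lines.append("allow client <-> dc icmp  # echo, path MTU")
    return lines


def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP connect to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out, or unreachable: from the client's point of view
        # the port is not usable either way.
        return False


def check_dc(host, ports=AD_PORTS, timeout=2.0):
    """Probe every TCP entry and return {service name: reachable?}."""
    return {p.name: tcp_port_open(host, p.port, timeout) for p in ports if p.tcp}


def blocked(results):
    """Names of services whose TCP port was not reachable, sorted."""
    return sorted(name for name, ok in results.items() if not ok)


if __name__ == "__main__":
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.local"  # placeholder
    print("\n".join(firewall_rules()))
    results = check_dc(dc)
    for name, ok in results.items():
        print(f"{'open   ' if ok else 'BLOCKED'}  {name}")
    missing = blocked(results)
    print("all listed TCP ports reachable" if not missing else f"blocked: {missing}")
```

Treat the output as a floor, not proof that AD will work: a reachable port 135 says nothing about whether the dynamic RPC range behind it is open, and DNS and Kerberos traffic that the client actually sends is mostly UDP, which this probe does not cover.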