client traffic between parent and child domain
What is the expected traffic (and why is it generated) between hosts from parent to child domain (and vice versa)?  I understand all these ports get hit between the Domain Controllers (https://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx) however I am also seeing some traffic on ports 389/626/500 between parent domain clients and child DCs.  Why would clients be talking that way and is this expected?
August 27th, 2015 5:37pm

Hi,

Thanks for your post.

>Why would clients be talking that way and is this expected?

Active Directory communication takes place using several ports. These ports are required by both client computers and Domain Controllers. As an example, when a client computer tries to find a domain controller it always sends a DNS Query over Port 53 to find the name of the domain controller in the domain.

UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.

TCP port 636  for Directory, Replication, User and Computer Authentication, Group Policy, Trusts

Please check the articles for more details.

http://blogs.msmvps.com/acefekay/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple/

https://support.microsoft.com/en-us/kb/832017#4

Best Regards,

Mary Dong

Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 1:08am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics