Hey DW,
This can be found in the SSPR deployment guide: http://www.microsoft.com/en-us/download/details.aspx?id=29959
It works like this:
Password portal communicates with FIM Service (port 5725), FIM Service communicates with Sync Service using WMI, and the AD MA account resets the password over LDAP (TCP/UDP 389).
From the deployment guide:
If there is a firewall between the server running FIM and the server running AD DS, the following ports must be opened in the firewall between the FIM Synchronization Server and the Active Directory domain controller:
TCP/UDP 135 (RPC EPMapper)
TCP/UDP 389 (LDAP, LDAP Ping)
TCP 636 (LDAP over SSL)
TCP 3268 (GC)
TCP 3269 (GC SSL)
TCP/UDP 53 (DNS)
TCP/UDP 88 (Kerberos)
TCP Dynamic (RPC)
TCP/UDP 464 (Kerberos Change/Set Password)
TCP 445 (CIFS/MICROSOFT-DS)
To facilitate WMI communication, you will also need to make sure the following ports are open between the server running the FIM Service and the server running the FIM Synchronization Service:
TCP/UDP 135 (RPC EPMapper)
TCP 135 (RPC EPMapper)
TCP 5725
TCP 5726
TCP 5000-5001 Dynamic RPC ports (PCNS)
TCP 57500-57520 Dynamic RPC ports (AD MA)
-Andrew
- Edited by Andrew Masse, Sunday, January 26, 2014 8:31 PM (formatting)
- Marked as answer by Divine Wind, Monday, January 27, 2014 12:34 AM
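A way to check, from the FIM Synchronization Server, that the firewall actually passes the fixed TCP ports in the DC list above before going live; this is an added example, not code from the post or from the deployment guide, and the domain controller host name is a placeholder.

```powershell
# Added example (not from the original post): probe the fixed TCP ports the
# deployment guide lists between the FIM Sync Server and a domain controller.
# Run it on the FIM Synchronization Server. Host name is a placeholder.
$DomainController = 'dc01.contoso.example'   # placeholder, replace with your DC

# Fixed ports only. The dynamic RPC ranges (TCP Dynamic, 57500-57520) are left
# out on purpose: nothing listens there until an RPC endpoint registers, so a
# "closed" result would prove nothing about the firewall rule.
$Ports = @(
    @{ Port = 135;  Proto = 'TCP/UDP'; Name = 'RPC EPMapper' },
    @{ Port = 389;  Proto = 'TCP/UDP'; Name = 'LDAP' },
    @{ Port = 636;  Proto = 'TCP';     Name = 'LDAP over SSL' },
    @{ Port = 3268; Proto = 'TCP';     Name = 'Global Catalog' },
    @{ Port = 3269; Proto = 'TCP';     Name = 'Global Catalog SSL' },
    @{ Port = 53;   Proto = 'TCP/UDP'; Name = 'DNS' },
    @{ Port = 88;   Proto = 'TCP/UDP'; Name = 'Kerberos' },
    @{ Port = 464;  Proto = 'TCP/UDP'; Name = 'Kerberos Change/Set Password' },
    @{ Port = 445;  Proto = 'TCP';     Name = 'CIFS/MICROSOFT-DS' }
)

function Test-FimDcPorts {
    param([string]$Target, [array]$PortList)
    foreach ($p in $PortList) {
        # Test-NetConnection only completes a TCP handshake; with
        # -InformationLevel Quiet it returns $true/$false and nothing else.
        $tcpOk = Test-NetConnection -ComputerName $Target -Port $p.Port `
                     -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            Port    = $p.Port
            Service = $p.Name
            TcpOpen = $tcpOk
            # UDP (DNS, Kerberos, LDAP ping) cannot be probed this way; confirm
            # those with nslookup / klist against the DC or from the firewall log.
            UdpNote = if ($p.Proto -like '*UDP*') { 'UDP: not probed' } else { '' }
        }
    }
}

Test-FimDcPorts -Target $DomainController -PortList $Ports | Format-Table -AutoSize
```

A row with TcpOpen = False for 389, 464 or 636 is the first thing to look at when an SSPR reset fails at the AD MA step, since those are the ports the password write actually uses.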