Greetings all... I just had someone stop by my office asking what ports need to be open to allow a machine to join a domain. It appears these security “experts” feel that they need to limit the communication both inbound… and outbound. (Don’t get me started on the outbound part…) They said that when they tried to join the computer to the domain, it wouldn’t work. But when they turned off the outbound rule set in the high-order range, “communication” worked. I have several papers on firewall configuration for AD, but I have not found a reference that discusses what ports are necessary to allow a machine to be “joined” to a domain. My assumption is that it would require all the base ports… 88, 123, 54, 389, 445, but does it require any dynamic ports? I will probably run a packet sniffer later this week to check this out myself, but if anyone can quickly comment, it would be appreciated.

Also, reading the latest Microsoft whitepaper on Kerberos troubleshooting, I noticed that they listed port 446 for password resets for Kerberos V5. In the Microsoft firewall white papers for AD, this port is never mentioned. So my question is: is it required for Microsoft Kerberos clients, or only if you are using a mixture of clients?

Thanks,
Todd
