Using the Windows Firewall will be the same as putting a firewall between the domain members and each DC and between each DC. I know for DC replication (AD and FRS) you can configure fixed RPC ports on each DC. I'm not sure if it is possible to configure fixed RPC port(s) so domain members can still talk to the DC. My first feeling is that you'll have a hard time troubleshooting when issues occur and your firewall on each DC will look like Swiss cheese.

Jorge

-----Original Message-----
From: [EMAIL PROTECTED]
To: [email protected]
Sent: 3/23/2005 8:56 PM
Subject: RE: [ActiveDir] Domain Controller Firewalls

Matt,

This might help:
http://www.microsoft.com/downloads/details.aspx?FamilyID=c2ef3846-43f0-4caf-9767-a9166368434e&DisplayLang=en

Mike Thommes

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown
Sent: Wednesday, March 23, 2005 1:25 PM
To: [email protected]
Subject: [ActiveDir] Domain Controller Firewalls

Do any of you run the windows firewall on your Domain Controllers? If so where would I find what ports need to be open for Active Directory & DNS?

Thanks,
--
Matt Brown
[ SELECT * FROM LDAP_Servers WHERE AD > OpenLDAP ]
Information Technology System Specialist
Eastern Washington University

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
