Hi All,
I wanted to know about the exact ports which are required for communication between domain controller to domain controller and client to domain controller. I have to allow these ports through the firewall.
I have followed the technet library link and after my own testing created this list -
Client to DC Communication -
TCP/UDP 137-139 | NetLogon, NetBIOS Name Resolution, DFS, Group Policy, NetBIOS Datagram Service |
TCP/UDP 88 | Kerberos |
TCP/UDP 53 | DNS |
TCP/UDP 123 | NTP |
TCP 9389 | SOAP |
UDP 67 & UDP 2535 | DHCP, MADCAP, PXE |
DC to DC communication -
TCP/UDP 135 | RPC, EPM, MSMQ |
TCP/UDP 137-139 | DFSN, NetBIOS Session Service, NetLogon |
TCP/UDP 389 | LDAP |
TCP 636 | LDAP SSL |
TCP 3268 | LDAP GC |
TCP 3269 | LDAP GC SSL |
TCP/UDP 445 | SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc |
TCP 5722 | RPC, DFSR (SYSVOL) |
TCP 9389 | ADWS |
TCP/UDP 49152-65535, TCP/UDP 1024-5000 | RPC randomly allocated high TCP ports, DCOM |
TCP 593 | RPC over HTTPS |
TCP/UDP 464 | Replication, User and Computer Authentication, Trusts (Kerberos change/set password) |
Do these ports look good?
Experts please help.
Thanks,
Neeraj.
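A way to check such a list from the client or DC side once the firewall rules are in place, added here as an example and not part of the original post: the script below probes the TCP entries from the two lists above against one domain controller and reports which ones are reachable. It assumes a domain-joined Windows host with the NetTCPIP module (Test-NetConnection, Windows 8.1 / Server 2012 R2 or later); the hostname `DC01.corp.example` is a placeholder. UDP entries (DHCP, NetBIOS name/datagram, NTP) and the dynamic RPC range are deliberately left out, because a TCP connect test says nothing about UDP and the dynamic ports are only known after the endpoint mapper call on 135.

```powershell
# Added example, not the poster's or Microsoft's code.
# Probes the TCP ports from the "Client to DC" and "DC to DC" lists against one DC.
# Assumption: Test-NetConnection is available (NetTCPIP module, Win 8.1 / 2012 R2+).
param(
    [string]$DC = 'DC01.corp.example'   # placeholder; replace with a real DC hostname
)

# TCP-capable entries copied from the post. Each entry carries the list it came from
# so the report can be filtered to the role of the host running the script.
$portMatrix = @(
    @{ Scope = 'Client->DC'; Port = 139;  Service = 'NetBIOS session / NetLogon / DFS' },
    @{ Scope = 'Client->DC'; Port = 88;   Service = 'Kerberos' },
    @{ Scope = 'Client->DC'; Port = 53;   Service = 'DNS' },
    @{ Scope = 'Client->DC'; Port = 9389; Service = 'ADWS (SOAP)' },
    @{ Scope = 'DC->DC';     Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Scope = 'DC->DC';     Port = 139;  Service = 'NetBIOS session / DFSN / NetLogon' },
    @{ Scope = 'DC->DC';     Port = 389;  Service = 'LDAP' },
    @{ Scope = 'DC->DC';     Port = 636;  Service = 'LDAP SSL' },
    @{ Scope = 'DC->DC';     Port = 3268; Service = 'LDAP GC' },
    @{ Scope = 'DC->DC';     Port = 3269; Service = 'LDAP GC SSL' },
    @{ Scope = 'DC->DC';     Port = 445;  Service = 'SMB / DFSN / LSARPC / SamR / SrvSvc' },
    @{ Scope = 'DC->DC';     Port = 5722; Service = 'DFSR (SYSVOL), as listed in the post' },
    @{ Scope = 'DC->DC';     Port = 9389; Service = 'ADWS' },
    @{ Scope = 'DC->DC';     Port = 593;  Service = 'RPC over HTTP' },
    @{ Scope = 'DC->DC';     Port = 464;  Service = 'Kerberos change/set password' }
)

function Test-DcPorts {
    param(
        [string]$ComputerName,
        [array]$Matrix
    )
    foreach ($entry in $Matrix) {
        # -InformationLevel Quiet returns a plain $true/$false for the TCP handshake;
        # warnings about failed connects are suppressed so the table stays readable.
        $open = Test-NetConnection -ComputerName $ComputerName -Port $entry.Port `
                    -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            Scope   = $entry.Scope
            Port    = $entry.Port
            Service = $entry.Service
            State   = if ($open) { 'OPEN' } else { 'BLOCKED/CLOSED' }
        }
    }
}

$results = Test-DcPorts -ComputerName $DC -Matrix $portMatrix
$results | Sort-Object Scope, Port | Format-Table -AutoSize

# Summarise what still needs a firewall rule (or is not listening on the DC).
$blocked = $results | Where-Object { $_.State -ne 'OPEN' }
if ($blocked) {
    Write-Host ("{0} of {1} TCP ports not reachable on {2}:" -f $blocked.Count, $results.Count, $DC)
    $blocked | ForEach-Object { Write-Host ("  {0,-10} TCP {1,-5} {2}" -f $_.Scope, $_.Port, $_.Service) }
} else {
    Write-Host "All listed TCP ports reachable on $DC"
}
```

Run it once from a workstation (the `Client->DC` rows are the ones that matter there) and once from a second domain controller for the `DC->DC` rows. A `BLOCKED/CLOSED` result can mean either a firewall drop or a service that is not listening on that DC, so confirm with `Get-NetTCPConnection -State Listen` on the DC before changing firewall rules; dynamic RPC reachability is best verified by an actual operation that uses it, such as `repadmin /replsummary` between the two DCs.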