Hi there!
We have 2008 R2 domain controllers with domain and functional level 2008 R2.
We would like to install another DC in another location (locations are connected with a site-to-site VPN).
I am familiar with this info: http://support.microsoft.com/kb/179442#method3, and http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx but my question is in which direction must these ports be opened to/from the other location? In both? From DC1 (in primary location) to DC2 (in secondary location), or from DC2 to DC1? Just one way or both directions? Who is the initiator in the replication?
Do our network guys need to open these in both directions or in a 1-way direction only?
Client Port(s) | Server Port | Service |
---|---|---|
49152-65535/UDP | 123/UDP | W32Time |
49152-65535/TCP | 135/TCP | RPC Endpoint Mapper |
49152-65535/TCP | 464/TCP/UDP | Kerberos password change |
49152-65535/TCP | 49152-65535/TCP | RPC for LSA, SAM, Netlogon (*) |
49152-65535/TCP/UDP | 389/TCP/UDP | LDAP |
49152-65535/TCP | 636/TCP | LDAP SSL |
49152-65535/TCP | 3268/TCP | LDAP GC |
49152-65535/TCP | 3269/TCP | LDAP GC SSL |
53, 49152-65535/TCP/UDP | 53/TCP/UDP | DNS |
49152-65535/TCP | 49152-65535/TCP | FRS RPC (*) |
49152-65535/TCP/UDP | 88/TCP/UDP | Kerberos |
49152-65535/TCP/UDP | 445/TCP | SMB |
49152-65535/TCP | 49152-65535/TCP | DFSR RPC (*) |
What do client ports stand for? In this case who's the client and who's the server?
With best regards,
bostjanc