Excellent Source… This is what I wanted… Thanks…

Todd

From: Santhosh Sivarajan [mailto:[EMAIL PROTECTED]]

This might help

http://support.microsoft.com/default.aspx?scid=kb;en-us;832017

Santhosh

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Myrick, Todd (NIH/CIT)

Greetings all...

I just had someone stop by my office asking what ports need to be open to allow a machine to join a domain. It appears these security “experts” feel that they need to limit the communication both inbound… and outbound. (Don’t get me started on the outbound part…)

They said that when they tried to join the computer to the domain that it wouldn’t work. But when they turn off the outbound rule set in the high order range, “Communication” worked. I have several papers on firewall configuration for AD. But I have not found a reference that discusses what ports are necessary to allow a machine to be “joined” to a domain.

My assumption is that it would require all the base ports… 88, 123, 54, 389, 445, but does it require any dynamic ports? I will probably run a packet sniffer later this week to check this out myself, but if anyone can quickly comment, it would be appreciated.

Also, reading the latest Microsoft Whitepaper on Kerberos Troubleshooting, I noticed that they listed port 446, for password resets for Kerberos V5. According to Microsoft Firewall White Papers for AD, this port is never mentioned. So my question is, is it required for Microsoft Kerberos clients, or if you are using a mixture of clients?

Thanks,

Todd
- RE: [ActiveDir] Joining computer to a domain... An... Myrick, Todd (NIH/CIT)