3

I want to run DFS replication between a couple of servers. It's my understanding that the servers need to be part of a domain for this. Being able to give people a username and password that works on all servers would be useful too, so I can lock up the admin password.

All machines will be running Windows 2008R2 and they will all be running Windows Firewall, so I need to be able to allow the other machines to connect to this server, but lock out everyone else.

So my question is: what ports do I need to allow the machines to connect to the Domain Controller over?

Piers Karsenbarg

1 Answer

7

According to this blog post from an MVP:

  • TCP 135 : MS-RPC
  • TCP 1025 & 1026 : AD Login & replication
  • TCP 389 : LDAP
  • TCP & UDP 53 : DNS
  • TCP 445 : SMB, Microsoft-ds
  • TCP 139 : SMB
  • UDP 137 & 138 : NetBIOS related
  • UDP 88 : Kerberos v5
Alex
    I would contest the 1025 and 1026 - they were probably used as ephemeral ports in that poster's testing, but that's not a relevant listening service. And you'll want TCP/88 for Kerberos as well. – Shane Madden Aug 24 '11 at 15:35
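
An added example, not part of the answer or comment above: one way to turn this port list into inbound Windows Firewall rules on the domain controller that only the other servers can match, using `netsh advfirewall` (available on Windows 2008 R2). It assumes the peer addresses shown (placeholder documentation-range IPs) and the hypothetical rule-name prefix `DC-In`; the ports are the ones named on this page, with TCP 88 added and 1025/1026 left out as the comment suggests.

```powershell
# Assumption: IPs of the servers allowed to reach the DC (placeholders, replace with your own).
$AllowedPeers = '192.0.2.11,192.0.2.12'

# Ports taken from the answer above; TCP 88 added and 1025/1026 omitted per the comment.
$Rules = @(
    @{ Service = 'RPC';      Protocol = 'TCP'; Ports = '135'     },
    @{ Service = 'LDAP';     Protocol = 'TCP'; Ports = '389'     },
    @{ Service = 'DNS';      Protocol = 'TCP'; Ports = '53'      },
    @{ Service = 'DNS';      Protocol = 'UDP'; Ports = '53'      },
    @{ Service = 'SMB';      Protocol = 'TCP'; Ports = '445,139' },
    @{ Service = 'NetBIOS';  Protocol = 'UDP'; Ports = '137,138' },
    @{ Service = 'Kerberos'; Protocol = 'TCP'; Ports = '88'      },
    @{ Service = 'Kerberos'; Protocol = 'UDP'; Ports = '88'      }
)

foreach ($r in $Rules) {
    # Hypothetical naming scheme; no spaces, so the name needs no extra quoting.
    $name = 'DC-In-{0}-{1}' -f $r.Service, $r.Protocol

    $netshArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=$name",
        'dir=in',
        'action=allow',
        "protocol=$($r.Protocol)",
        "localport=$($r.Ports)",
        "remoteip=$AllowedPeers"   # scope: only these sources match the rule
    )

    & netsh $netshArgs
    if ($LASTEXITCODE -ne 0) {
        throw "netsh failed while adding rule $name"
    }
}
```

Allow rules are additive, so the `remoteip` scope only locks others out if no broader allow rule covers the same ports; list what is already in place with `netsh advfirewall firewall show rule name=all dir=in`.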