05-31-2016 03:28 PM - edited 05-31-2016 03:30 PM
Trying to narrow it down and determine the minimum set of applications/services that need to be allowed for a user to log in to a Windows 7 client in one zone and authenticate against a Server 2008R2 AD Domain Controller in a different zone? The Windows 7 client is a member of the domain. Need the ability for users to change passwords, access a read-only file share and also for GPO to work.
Any ideas are very much appreciated.
06-05-2016 05:01 AM
This documentation on MS TechNet details the AD port requirements and their function.
https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
06-08-2016 07:39 AM - edited 06-08-2016 07:42 AM
Thanks Steve,
This is a useful TechNet article, but it is about DC to DC communications; I'm looking for client to DC communications info.
Cheers,
Pierre
06-10-2016 04:51 PM
Can't seem to find the client to DC article. But here are the ports I pulled when setting this up a few years back.
53/tcp and 53/udp (only if the DC is also the DNS source)
749/udp
88/tcp/udp
389/tcp/udp
3268/tcp
445/tcp/udp
123/udp
135/tcp
tcp random range: 49152 to 65535
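As an added example (not code from this thread, from Palo Alto Networks, or from Microsoft), the script below turns the port list in the reply above into a checklist and audits a proposed client-zone-to-DC-zone rule set against it, treating the RPC dynamic range as covered only when the allowed rules cover all of 49152-65535. The rule representation (protocol, low, high) and the sample policy are constructed for the example; the `probe_tcp` helper is a plain TCP connect check for confirming one rule at a time from the client side.

```python
import socket
from typing import Iterable

# Ports from the thread's client-to-DC list. Each entry: (protocol, low, high, label).
# The last entry is the RPC dynamic range the post gives as "49152 to 65535".
REQUIRED_CLIENT_TO_DC = [
    ("tcp", 53, 53, "DNS (only if the DC is also the DNS source)"),
    ("udp", 53, 53, "DNS (only if the DC is also the DNS source)"),
    ("udp", 749, 749, "Kerberos admin (port as listed in the thread)"),
    ("tcp", 88, 88, "Kerberos"),
    ("udp", 88, 88, "Kerberos"),
    ("tcp", 389, 389, "LDAP"),
    ("udp", 389, 389, "LDAP"),
    ("tcp", 3268, 3268, "LDAP Global Catalog"),
    ("tcp", 445, 445, "SMB"),
    ("udp", 445, 445, "SMB (port as listed in the thread)"),
    ("udp", 123, 123, "NTP"),
    ("tcp", 135, 135, "RPC endpoint mapper"),
    ("tcp", 49152, 65535, "RPC dynamic range"),
]


def _merge(ranges):
    """Merge overlapping or adjacent (low, high) ranges into a sorted disjoint list."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def _covered(lo, hi, merged):
    """True if [lo, hi] sits entirely inside one merged allowed range."""
    return any(m_lo <= lo and hi <= m_hi for m_lo, m_hi in merged)


def audit_policy(allowed: Iterable[tuple]) -> list:
    """Return the required entries that `allowed` does not fully cover.

    `allowed` is an iterable of (protocol, low, high) tuples describing what the
    firewall permits from the client zone to the DC zone (hypothetical format).
    A required range counts as covered only when the union of allowed rules for
    that protocol contains all of it, so a rule for 49152-60000 does not satisfy
    the dynamic range 49152-65535.
    """
    by_proto = {}
    for proto, lo, hi in allowed:
        by_proto.setdefault(proto, []).append((lo, hi))
    merged = {proto: _merge(r) for proto, r in by_proto.items()}
    return [req for req in REQUIRED_CLIENT_TO_DC
            if not _covered(req[1], req[2], merged.get(req[0], []))]


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes from this machine.

    Useful for confirming a single TCP rule from the client zone; the UDP
    entries (DNS, Kerberos, NTP, ...) need a protocol-specific query instead.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample policy: everything from the list except UDP 749, and a
# dynamic range that stops short of 65535.
SAMPLE_POLICY = [
    ("tcp", 53, 53), ("udp", 53, 53), ("tcp", 88, 88), ("udp", 88, 88),
    ("tcp", 389, 389), ("udp", 389, 389), ("tcp", 3268, 3268),
    ("tcp", 445, 445), ("udp", 445, 445), ("udp", 123, 123),
    ("tcp", 135, 135), ("tcp", 49152, 60000),
]

if __name__ == "__main__":
    for proto, lo, hi, label in audit_policy(SAMPLE_POLICY):
        span = str(lo) if lo == hi else f"{lo}-{hi}"
        print(f"missing: {span}/{proto}  ({label})")
```

Run it against the sample policy and it reports the two gaps (749/udp and the upper part of the dynamic range); feed it your own rule set to see which entries from the thread's list a draft policy still leaves out before you start troubleshooting logons or GPO.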
06-15-2016 07:07 AM
Hello and sorry for the late reply. Here are the applications I have setup for my cross zone AD authentication:
active-directory
dns
kerberos
ldap
ms-ds-smb
ms-kms
ms-netlogon
ms-product-activation
msrpc
netbios-dg
netbios-ns
netbios-ss
ntp
ssl
I'm sure you might not need all, but it's a start.
Cheers!