I need to place some domain member servers behind a firewall. There are no domain controllers behind the firewall. Very few ports will be opened back to the main network. For example, one server is a web server and only HTTPS in will be allowed. Domain authenticaion will be allowed (ports 135, 389, 445, 1026 back to the DCs) A policy is in place where the domain member maximum password age is set at 60 days. Will this password change also use the same ports used by user authentication; if not, which ports? And if the password happens to expire, it would prevent user authentication because of a failed computer account, correct?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Domain member server behind firewall - machine password age
- Thread starter wallst32
- Start date
bluelinenetworks
IS-IT--Management
Should be on same ports I believe. As long as the account is locked it will stop auth, unless it uses cached credentials. Then you would have to disable that, and rely on your DC link being up for login.
ok those ports will not work whatsoever...you are missing a ton...
see kb 179442...you need everything it says in there...
88, 445, 389, 3286, 1024-65535 (1024-5000 will work), 53...and still some more to go....
-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
see kb 179442...you need everything it says in there...
88, 445, 389, 3286, 1024-65535 (1024-5000 will work), 53...and still some more to go....
-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
- Status
Similar threads
- Locked
- Question