
Firewall ports for adding a machine to a domain


acl03

MIS
Jun 13, 2005
1,077
US
I have a domain that sits behind a firewall. I want to add a server to this domain that is behind a different firewall.

What ports do I need open between the new member server and the DCs in order to get the server to connect?

Also, if I want to add a new DC in this second location, what ports does it need open to communicate with the rest of the domain? Thanks.



Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
Thanks, Pat.

The sites are both in our LAN, just in different DMZ segments. A VPN isn't necessary, just whatever ports AD requires would need to be opened.



Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
GC would be 3268 but you may need NetBIOS on 135. Never tried it though.
 
Fully open all the ports needed, and your firewall might as well be Swiss cheese next to a rat nest.
Agree with 58Sniper, use a VPN.

........................................
Chernobyl disaster..a must see pictorial
 
The firewall for starters isn't even necessary in this case, as it's all internal. I could bore you with the specifics, but I doubt it'd be too interesting :)

There is more than one firewall protecting this whole system from the internet, it's just two enclosed systems talking to each other.



Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
I had most of the ports opened that were listed in that link I posted above. Our security officer didn't want to open the 'TCP High Ports' (ports > 1023).

I found a guide documenting how to restrict RPC to use certain ports, rather than anything over 1023, with registry changes.


Do these registry changes need to be made on every domain controller in the domain? Or only the servers in each of the 2 sites that communicate with each other?

Thanks.

Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
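The guide Andrew mentions is not reproduced in the thread, so the following is an added PowerShell example (not from the thread, the guide, or Microsoft) of the registry changes that pin RPC to a fixed port range instead of "everything above 1023"; the registry paths are the documented ones, while the port range and port numbers are assumptions to be replaced with whatever the firewall policy allows.

```powershell
# Added example (not from this thread): restrict the RPC dynamic range to a small,
# fixed set of TCP ports so the firewall rule can be "TCP 135 plus this range"
# instead of "all TCP ports above 1023". The registry values below are the
# documented HKLM\SOFTWARE\Microsoft\Rpc\Internet settings; the range and port
# numbers are assumed placeholders, pick ones that fit your firewall policy.
# These are per-machine settings: they only affect the RPC servers on the host
# where they are written, and the host must be rebooted before they take effect.

$rpcKey    = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
$portRange = '5000-5100'   # assumed range; a DC needs a range of roughly 100+ ports

if (-not (Test-Path $rpcKey)) {
    New-Item -Path $rpcKey -Force | Out-Null
}
# 'Ports' is REG_MULTI_SZ (one range per entry); the two flags are REG_SZ 'Y'
New-ItemProperty -Path $rpcKey -Name 'Ports' -PropertyType MultiString -Value @($portRange) -Force | Out-Null
New-ItemProperty -Path $rpcKey -Name 'PortsInternetAvailable' -PropertyType String -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $rpcKey -Name 'UseInternetPorts' -PropertyType String -Value 'Y' -Force | Out-Null

# On domain controllers only: AD replication (NTDS) and Netlogon can each be
# pinned to a single fixed port (REG_DWORD). The ports here are assumed values,
# chosen outside the dynamic range above so they cannot collide with it.
$ntdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
New-ItemProperty -Path $ntdsKey -Name 'TCP/IP Port' -PropertyType DWord -Value 5200 -Force | Out-Null
$nlKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
New-ItemProperty -Path $nlKey -Name 'DCTcpipPort' -PropertyType DWord -Value 5201 -Force | Out-Null

# Show what was written; after the reboot, confirm with netstat that the RPC
# listeners really sit inside the range before tightening the firewall rule.
Get-ItemProperty -Path $rpcKey | Select-Object Ports, PortsInternetAvailable, UseInternetPorts
# after reboot:  netstat -ano | findstr LISTENING
```

Because the values are read only by the local RPC runtime, they need to be present on every server whose RPC services are reached through the firewall, not just on one side of it.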
 