Open Ports Required for Adding a Machine to a Domain

[itsp1965]

Folks we have a server that his been added to a very secured network, but we seem to have issues adding the machine to the domain.
All necessary ports (as far as I know) are open 135, 137, 138, 389, 445 ports > 1023.
My question is for the purpose of adding a machine to a domain, does it need to be able to reach a global catalog server, or is this only a requirement for users when authenticating after the fact. I am wondering if these ports need to be opened also.
Has anyone run into this situation before and maybe shed some light? Thanks.

 

[jfwebber]

I think the ports needed are the following:

135/tcp
1024-65535/tcp
389/tcp and udp
636/tcp
3268/tcp
3269/tcp
53/tcp and udp
88/tcp and udp
445/tcp

Also on the new server where do you have your DNS pointing to?

Jim W MCSE CCNA
Network Manager

 

[itsp1965]

Thanks Jim, DNS is working fine and I able to lookup all addresses, resources etc. Kerberos is also enabled. My question was in reference to the global catalog servers. I take it from your post that they are indeed required (ie ports 3268/3269) in order to add a machine to the domain. Can you confirm this. Thanks again.

 

[jfwebber]

I do believe so. Someone please correct me if I am wrong.

Jim W MCSE CCNA
Network Manager