
Client to Domain Controller communication through a firewall

Posted on 2002-05-14
Last Modified: 2013-12-19
Hello,

We have a single Active Directory domain set up, but some of our clients will need to communicate with a domain controller that is behind a firewall. I have been reading through the firewall article written by Steve Riley of Microsoft, but it is focused purely on DC to DC communication over a firewall. He outlines various options and all the ports that would need to be opened.

Since client to DC communication is less involved, I want to know which of the ports I need to have opened. In particular, I want to know if the RPC dynamic assignment is required in this scenario. Are there any articles other than the one by Steve that summarize what ports are needed in client to DC communications when a firewall needs to be crossed?

Please advise.

Simon
Question by:schurch122297

Accepted Solution

by:
TooKoolKris earned 800 total points
ID: 7011245
RPC dynamic assignment normally takes place with the ports starting right over the well-known ones, i.e. 1025, 1026, 1027, etc. You may want to leave a few of these open for those. You might have a hard time trying to find any specific articles about what ports need to be left open due to DC communications with other DCs. I would offer the suggestion of getting a port scanner; you can get one for free here - http://www.webattack.com/get/superscan.shtml

Set up your servers as normal and every so often scan the servers for open ports. You would want to do it at any time the servers are running communications between each other, i.e. zone info, replication, etc.

This isn't the easiest solution obviously but you will learn a lot about what goes on between the servers from a network and transport layer level.

Hope this helps,

TooKoolKris
MCSE+I, CCNA, A+
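
The periodic check of open ports suggested in the answer above can also be done from the domain controller itself, which shows the owning service for each listening port. This PowerShell script is an added example, not part of the original thread; the `$DynamicStart`, `$Samples` and `$IntervalSeconds` values are assumptions to adjust for your environment.

```powershell
# Added example, not from the original thread. Run on the domain controller in
# an elevated PowerShell session (Get-NetTCPConnection needs Windows Server
# 2012 or later).
# Assumptions: $DynamicStart follows the answer above (dynamic RPC ports start
# right over the well-known range, at 1025). Windows Server 2008 and later
# default to 49152-65535 instead, so set it to match the server.
# $Samples and $IntervalSeconds are illustrative values.
$DynamicStart    = 1025
$Samples         = 12
$IntervalSeconds = 300

$seen = @{}   # port number -> first observation of that listener

for ($i = 1; $i -le $Samples; $i++) {
    # Listening TCP sockets, ignoring loopback-only listeners that a
    # firewall rule would never need to cover.
    $listeners = Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }

    foreach ($l in $listeners) {
        $port = [int]$l.LocalPort
        if (-not $seen.ContainsKey($port)) {
            $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
            $seen[$port] = [pscustomobject]@{
                Port      = $port
                Process   = if ($proc) { $proc.ProcessName } else { "pid $($l.OwningProcess)" }
                Class     = if ($port -lt $DynamicStart) { 'fixed' } else { 'dynamic' }
                FirstSeen = Get-Date
            }
        }
    }

    # Wait between samples so that listeners opened during replication or
    # zone transfers are caught as well.
    if ($i -lt $Samples) { Start-Sleep -Seconds $IntervalSeconds }
}

# Ports in the 'dynamic' class that change between runs are the ones a
# fixed firewall rule cannot cover without opening a port range.
$seen.Values | Sort-Object Port | Format-Table -AutoSize
```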

Expert Comment

by:CleanupPing
ID: 9160061
schurch:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.