Client to Domain Controller communication through a firewall

Posted on 2002-05-14
Medium Priority
Last Modified: 2013-12-19

we have a single active directory domain set up, but some of our clients wil need to communicate with a domain controller that is behind a firewall. I have been reading through the firewall article written by Steve Riley of Microsoft but it is focused purely on DC to DC communication over a firewall. He outlines various options and all the ports that would need to be opened.

Since client to DC communication is less involved, i want to know which of the ports I need to have opened. In particular I want to know if the RPC dynamic assigment is required in this scenario. Are there any other articles other than the one by Steve that summaries what ports are needed in client to DC communications, when a firewall needs to be crossed.

Please advise.

Question by:schurch122297

Accepted Solution

TooKoolKris earned 800 total points
ID: 7011245
RPC Dynamic assignment normally takes place with the ports starting right over the well known i.e. 1025, 1026, 1027 ect.. You may want to leave a few of these open for those. You might have a hard time trying to find any specific articles about what ports need to be left open due to DC communications with other DC's. I would offer the suggestion of getting a port scanner; you can get one for free here - http://www.webattack.com/get/superscan.shtml

Setup your servers as normal and every so often scan the servers for open ports. You would want to do it during anytime the servers are running communications between each other, i.e. zone info, replication, ect..

This isn't the easiest solution obviously but you will learn a lot about what goes on between the servers from a network and transport layer level.

Hope this helps,


Expert Comment

ID: 9160061
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
From store locators to asset tracking and route optimization, learn how leading companies are using Google Maps APIs throughout the customer journey to increase checkout conversions, boost user engagement, and optimize order fulfillment. Powered …

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question