AD Authentication through Firewall

Posted on 2012-09-14
Last Modified: 2012-10-01
Points of My Scenario
1. I am admin of Domain A only, which trusts Domain B
2. App server01 (Domain A member server) sits behind a firewall along with a DC from Domain A
3. Domain B has one DC (domain controller) - but it is NOT behind the firewall
4. Users from Domain A can log on to the application on server01 (Domain A member server)
5. Users from Domain B cannot log on to the application on server01 - because the app server can't pass credentials to the DC of Domain B
What ports need to be opened in the firewall from server01 to Domain B's DC?
NOTE: I have no admin privileges on DC in domain B.
Question by: waltforbes
    LVL 18

    Accepted Solution

    You can use the Netmon/PortQry/Wireshark tools to check.


    How to configure a firewall for domains and trusts
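
A scripted version of the port check suggested above, as an added example that is not part of the original thread: it attempts a TCP connection from server01 to the Domain B DC on the fixed TCP ports that AD services listen on. The DC name `dc01.domainb.example` and the function name `Test-TcpPort` are placeholders chosen for illustration, and the list says nothing about which of these ports the application itself needs.

```powershell
# Added example (not from the thread). Run from server01.
# 'dc01.domainb.example' is a placeholder for the Domain B DC.
param(
    [string]$DomainController = 'dc01.domainb.example',
    [int]$TimeoutMs = 2000
)

# Fixed TCP ports used by AD services. Not covered here: UDP (DNS 53,
# Kerberos 88, NTP 123) and the dynamic RPC range that port 135 hands out
# (49152-65535 by default on Windows Server 2008 and later).
$services = @(
    @{ Port = 53;   Name = 'DNS' },
    @{ Port = 88;   Name = 'Kerberos' },
    @{ Port = 135;  Name = 'RPC endpoint mapper' },
    @{ Port = 389;  Name = 'LDAP' },
    @{ Port = 445;  Name = 'SMB' },
    @{ Port = 464;  Name = 'Kerberos password change' },
    @{ Port = 636;  Name = 'LDAP over SSL' },
    @{ Port = 3268; Name = 'Global catalog' },
    @{ Port = 3269; Name = 'Global catalog over SSL' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall dropped the SYN.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'TIMEOUT (likely filtered)'
        }
        $client.EndConnect($pending)   # throws if the connection was refused
        return 'OPEN'
    } catch {
        return "FAILED: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

foreach ($svc in $services) {
    $result = Test-TcpPort -HostName $DomainController -Port $svc.Port -TimeoutMs $TimeoutMs
    New-Object PSObject -Property @{
        Port = $svc.Port; Service = $svc.Name; Result = $result
    } | Select-Object Port, Service, Result
}
```

The output shows TCP reachability only; a Wireshark or Netmon capture on server01 during a failed Domain B logon shows which of these ports the application's authentication traffic actually uses.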
    LVL 24

    Assisted Solution


    Author Comment

    To sarang_tinguria:
    1. I do not need communication between the 'secure' DC (domain A) and LAN DC (domain B).
    2. I need communication between the 'secure' App server (domain A) and the LAN DC (domain B): see attached JPEG

    To sandeshdubey:
    1. The 'secure' App server (domain A) needs to pass authentication requests coming from Domain B users (in the LAN) to LAN DC (domain B) - illustrated in attached JPEG.
    2. There are some 19 ports required according to your link (AD Firewall Ports).
    QUESTION: Can I just use one or two ports between secure app server and LAN DC for passing authentication traffic?

    Author Comment

    To sarang_tinguria & sandeshdubey:
    My apologies - I forgot to attach the JPEG. Here it is in this comment.
