I'm working in a very restrictive environment where I am to move workstations from one domain to another. Some important facts:
1. No migration tools can be used. Just a simple NETDOM script that will move the systems can be allowed
2. No trusts will be allowed. I am trying to get them to allow a 1-way (target forest will trust source) but that's a "maybe"
3. Source forest is 2008R2, target is Server 2012
4. Workstations are Win7 with just a few XP
5. Source and target environments will be separated by a firewall
So let's assume no trusts will be allowed. I'll use NETDOM in a script to move workstations from source to target that will contain the appropriate credentials in my script for both source and target forests. I'm thinking the ports that must be open between both environments are:
53 - DNS
135 - RPC Endpoint
389 - LDAP
445 - SMB
Obviously, DNS resolution between source and target must be in place. Am I missing anything here?
As always, thanks for the help.
There's a 'kind of list' here:
Not the most helpful, but I'd suggest you want the joining external domain ports.
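
Added example, not part of the thread: a PowerShell check that a workstation in the source domain could run to confirm the four TCP ports listed in the question are reachable on a target domain controller through the firewall before the NETDOM move is attempted. The hostname `dc01.target.example` and the function name `Test-TcpPort` are assumptions; it uses `System.Net.Sockets.TcpClient` so that it also runs on PowerShell 2.0.

```powershell
# Added example: TCP reachability check for the ports listed in the question.
# 'dc01.target.example' is a placeholder hostname, not a value from the thread.
param(
    [string]$TargetDc = 'dc01.target.example',
    [int]$TimeoutMs = 3000
)

# Port list taken from the question; extend it if the firewall team opens more.
$ports = @(
    @{ Port = 53;  Name = 'DNS' },
    @{ Port = 135; Name = 'RPC Endpoint' },
    @{ Port = 389; Name = 'LDAP' },
    @{ Port = 445; Name = 'SMB' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet does not hang the script.
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Filtered or timed out'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'Open'
    } catch {
        return 'Failed (refused or name not resolved)'
    } finally {
        $client.Close()
    }
}

$results = foreach ($p in $ports) {
    New-Object PSObject -Property @{
        Target  = $TargetDc
        Port    = $p.Port
        Service = $p.Name
        State   = Test-TcpPort -HostName $TargetDc -Port $p.Port -TimeoutMs $TimeoutMs
    }
}

$results | Select-Object Target, Port, Service, State | Format-Table -AutoSize

# Non-zero exit code lets a wrapper script stop before calling NETDOM.
if ($results | Where-Object { $_.State -ne 'Open' }) { exit 1 }
```

DNS also uses UDP 53, which this TCP-only check does not cover.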