Cymbaline65
asked on
Minimum ports required for NETDOM to move workstations
Hello all-
I'm working in a very restrictive environment where I am to move workstations from one domain to another. Some important facts:
1. No migration tools can be used. Just a simple NETDOM script that will move the systems can be allowed
2. No trusts will be allowed. I am trying to get them to allow a 1-way (target forest will trust source) but that's a "maybe"
3. Source forest is 2008R2, target is Server 2012
4. Workstations are Win7 with just a few XP
5. Source and target environments will be separated by a firewall
So let's assume no trusts will be allowed. I'll use NETDOM in a script to move workstations from source to target that will contain the appropriate credentials in my script for both source and target forests. I'm thinking the ports that must be open between both environments are:
53 - DNS
135 - RPC Endpoint
389 - LDAP
445 - SMB
Obviously, DNS resolution between source and target must be in place. Am I missing anything here?
As always, thanks for the help.
Eric
I'm working in a very restrictive environment where I am to move workstations from one domain to another. Some important facts:
1. No migration tools can be used. Just a simple NETDOM script that will move the systems can be allowed
2. No trusts will be allowed. I am trying to get them to allow a 1-way (target forest will trust source) but that's a "maybe"
3. Source forest is 2008R2, target is Server 2012
4. Workstations are Win7 with just a few XP
5. Source and target environments will be separated by a firewall
So let's assume no trusts will be allowed. I'll use NETDOM in a script to move workstations from source to target that will contain the appropriate credentials in my script for both source and target forests. I'm thinking the ports that must be open between both environments are:
53 - DNS
135 - RPC Endpoint
389 - LDAP
445 - SMB
Obviously, DNS resolution between source and target must be in place. Am I missing anything here?
As always, thanks for the help.
Eric
ASKER
Thanks for the response.
So include ports 137 and 139 too?
So include ports 137 and 139 too?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There's a 'kind of list' here:
http://technet.microsoft.com/en-us/library/cc756944(v=WS.10).aspx
Not the most helpful, but I'd suggest you want the joining external domain ports.