What ports should i open if i want to connect a server to a domain using SLDAP?

Hello,
I have a server that is in the DMZ network and i need to connect it as a member server of our Domain inside the LAN.

I know (Please correct me if i'm wrong) that the following ports should be opened from the server to all the DC's in the domain.

TCP 135 : MS-RPC
TCP 1025 & 1026 : AD Login & replication
TCP 389 : LDAP
TCP & UDP 53 : DNS
TCP 445 : SMB , Microsoft-ds
TCP 139 : SMB
UDP 137 & 138 : NetBIOS related
UDP 88 : Kerberos v5


My question is, If I want a secure connection (since it's in the DMZ), is it enough if i simply replace the TCP 389 port with 636 (SLDAP) port? Will I still need to open the remaining ports? and if so, is it still considered a secured connection (since i presume all other connections are not secured)
johnnyjonathanAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
lruiz52Connect With a Mentor Commented:
Best thing to do would be to setup an RODC in the DMZ. you will have to open all the ports you mentioned plus 636SLDP and 3269GC.

check the link below.;

http://technet.microsoft.com/en-us/library/dd728028(WS.10).aspx

http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
0
 
johnnyjonathanAuthor Commented:
Thanks for both answers, RODC isn't an option since i'm using 2003.
I can use IPSEC, however here's my question.

I want to confirm that SLDAP isn't enough, i'll still need to open the remaining ports I've mentioned, however, from a security standpoint (not technical, since that one is explained in the articles you provided) it's a problem. are there any other secure ports to use if we want to go SLDAP? otherwise, what's the point of SLDAP if the remaining ports are not secured.
0
 
ZenVenkyArchitectCommented:
Agree with Jaihunt and lruiz52. In addition I would suggest you to check these links as a reference, so that you can decide what to do SLDAP and its ports.

How A Criminal Might Infiltrate Your Network

This link is just reference: http://technet.microsoft.com/en-us/library/dd728030(WS.10).aspx
0
 
johnnyjonathanAuthor Commented:
Great tip, thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.