Hello,
I have a server that is in the DMZ network and I need to connect it as a member server of our Domain inside the LAN.
I know (please correct me if I'm wrong) that the following ports should be opened from the server to all the DCs in the domain:
TCP 135 : MS-RPC
TCP 1025 & 1026 : AD Login & replication
TCP 389 : LDAP
TCP & UDP 53 : DNS
TCP 445 : SMB, Microsoft-ds
TCP 139 : SMB
UDP 137 & 138 : NetBIOS related
UDP 88 : Kerberos v5
My question is: if I want a secure connection (since it's in the DMZ), is it enough if I simply replace the TCP 389 port with the 636 (LDAPS) port? Will I still need to open the remaining ports? And if so, is it still considered a secured connection (since I presume all the other connections are not secured)?
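As an added example (not code from either post), a small Python checker that tries the TCP ports listed above from the DMZ host against one DC, so you can verify which firewall rules actually pass before and after changing 389 to 636. The DC hostname is a placeholder; the UDP ports (53, 88, 137, 138) cannot be verified with a plain TCP connect and are left out.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# TCP ports from the question, plus 636 (LDAPS) as the proposed replacement for 389.
AD_TCP_PORTS = {
    53: "DNS",
    135: "MS-RPC endpoint mapper",
    139: "NetBIOS session (SMB)",
    389: "LDAP (cleartext unless STARTTLS/signing is enforced)",
    445: "SMB / Microsoft-ds",
    636: "LDAPS",
    1025: "RPC (as listed in the question)",
    1026: "RPC (as listed in the question)",
}


def tcp_port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out (typical of a firewall drop), unreachable
        return False


def check_dc(host, ports=AD_TCP_PORTS, timeout=2.0):
    """Probe every port in parallel; returns {port: open?} for the given DC."""
    with ThreadPoolExecutor(max_workers=8) as pool:
        futures = {p: pool.submit(tcp_port_open, host, p, timeout) for p in ports}
        return {p: f.result() for p, f in futures.items()}


def missing_ports(results):
    """Ports that were probed but did not accept a connection, sorted."""
    return sorted(p for p, is_open in results.items() if not is_open)


if __name__ == "__main__":
    # Placeholder DC name; pass the real DC as the first argument.
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.internal"
    res = check_dc(dc)
    for port in sorted(res):
        state = "open" if res[port] else "BLOCKED"
        print(f"{port:>5}/tcp  {AD_TCP_PORTS[port]:<55} {state}")
    print("blocked:", missing_ports(res))
```

Run it once per DC; a port that shows BLOCKED from the DMZ host but is allowed in the firewall rule set usually means the rule matches the wrong source, direction or protocol.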
Check the links below:
http://technet.microsoft.com/en-us/library/dd728028(WS.10).aspx
http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx