What firewall ports need to be opened before setting up a domain trust?

Posted on 2014-08-05
Last Modified: 2015-01-06
I will be setting up a 2-way domain trust this weekend between 2 domains.
One domain has 2 sites and 4 domain controllers (call this domain1).
The other domain has 6 sites and about 8-10 domain controllers (call this domain2). Each of the DCs is paired up, and on different networks (i.e. 2 are on 10.1.1.x, 2 are on 10.1.2.x, etc.).
There are firewalls between all of the sites.

So my question is: what ports need to be opened, and what servers would I need to open these ports for?
Do I need to open all the ports to all the domain controllers to/from domain1 and domain2? Or can I just open ports to/from 2 of the domain controllers in domain2, to domain1?
I'm sure this is confusing.
Question by: jsctechy
    LVL 57

    Accepted Solution

    Here is the list of ports that need to be opened; for 2012, use the 2008 settings.

    Ports should be opened to PDEc in domain 1 to talk to PDCe in domain 2. Also make sure name resolution works between the two domains (conditional forwarders are one way to do that).
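
The check the accepted answer describes (ports open toward the other domain's PDC emulator, plus working name resolution), as an added PowerShell example that is not part of the original thread. `domain2.example` is a placeholder, and the TCP port list is an assumption taken from Microsoft's published Active Directory port requirements for Windows Server 2008 and later, because the answer's own list is not reproduced on this page.

```powershell
# Added example (not from the thread): pre-trust connectivity check.
# Run it from the PDC emulator of one domain against the other domain.
param(
    # Placeholder DNS name for the other domain (assumption).
    [string]$RemoteDomain = 'domain2.example'
)

# Assumption: fixed TCP ports from Microsoft's published AD port requirements
# (Windows Server 2008 and later). UDP and the dynamic RPC range
# 49152-65535 are also required but are not probed here.
$TcpPorts = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAPS' }
    @{ Port = 3268; Service = 'Global catalog' }
    @{ Port = 3269; Service = 'Global catalog over SSL' }
)

# Step 1: name resolution. The PDC emulator registers this SRV record, so a
# failure here means the conditional forwarder (or other DNS path) is missing.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.pdc._msdcs.$RemoteDomain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.QueryType -eq 'SRV' } | Select-Object -First 1
} catch {
    Write-Error "Cannot resolve the PDC emulator of ${RemoteDomain}: $($_.Exception.Message)"
    return
}
if (-not $srv) { Write-Error "No PDC SRV record for ${RemoteDomain}"; return }
$pdc = $srv.NameTarget

# Step 2: TCP reachability of each fixed port on that DC.
$results = foreach ($p in $TcpPorts) {
    $t = Test-NetConnection -ComputerName $pdc -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Target = $pdc; Port = $p.Port; Service = $p.Service; Open = $t.TcpTestSucceeded }
}
$results | Format-Table -AutoSize

# Step 3: list what still has to be opened on the firewalls in between.
$blocked = @($results | Where-Object { -not $_.Open })
if ($blocked.Count) {
    Write-Warning ("Blocked toward {0}: {1}" -f $pdc, (($blocked.Port) -join ', '))
}
```

A closed 636 or 3269 can also mean the DC has no LDAPS certificate installed rather than a firewall block, so confirm on the DC before changing rules.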

    LVL 1

    Author Comment

    Thanks, Mike.
    When you say PDEc, do you mean the domain controller that holds the PDC emulator role?
