Active Directory Ports on firewall for password changing

I have an online portal that communicates with our 2008R2 AD server. The portal is used as a self-service password change/reset help desk. I am moving the self-service portal to another subnet and onto another interface of our firewall.

The ports found here:
Must all these ports be open on the firewall for the portal to communicate its password change requests with AD? Or just certain ones?

Will Szymkowski, Senior Solution Architect, commented:
All ports for Active Directory should be added to the firewall. Based on the link you have provided, the only one that might not be required is port 25, as this is SMTP replication for Sites and Services. However, to ensure that everything is going to work properly, you should be adding all ports required.

Some products may require a subset of those ports, but it depends on how the product works. For instance, some will just do a reset, others will first query AD for a matching user, etc. I recently had to do something similar and had to open almost all of those. Ones that may not be needed are UDP 67 and UDP 2535, which are used for DHCP.

If you want to try removing some of those, hopefully your firewall logs will help you out in telling you what is being used by your particular app.
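The answer above suggests letting the firewall logs show which ports the portal actually uses. As an added example that is not from this thread, the Python script below reads key=value firewall log lines, keeps only portal-to-DC flows, and labels each destination port with the Active Directory service behind it (the port map, the log format, and the 10.20.0.5 / 10.0.0.10 addresses are assumptions; the sample log lines are constructed). Denied hits in the dynamic RPC range are the usual sign that a rule set was trimmed too far.

```python
import re
from collections import Counter

# Assumed map of well-known 2008 R2 domain controller ports (not from the thread).
AD_PORTS = {
    (53, "tcp"): "DNS", (53, "udp"): "DNS",
    (88, "tcp"): "Kerberos", (88, "udp"): "Kerberos",
    (135, "tcp"): "RPC endpoint mapper",
    (389, "tcp"): "LDAP", (389, "udp"): "CLDAP (DC locator)",
    (445, "tcp"): "SMB",
    (464, "tcp"): "Kerberos password change", (464, "udp"): "Kerberos password change",
    (636, "tcp"): "LDAPS",
    (3268, "tcp"): "Global Catalog", (3269, "tcp"): "Global Catalog over SSL",
    (25, "tcp"): "SMTP replication (rarely needed)",
    (67, "udp"): "DHCP (rarely needed)", (2535, "udp"): "MADCAP/DHCP (rarely needed)",
}
RPC_DYNAMIC = range(49152, 65536)  # default dynamic RPC range on 2008 R2

# Assumed key=value log syntax; adjust this regex to your firewall's format.
LOG_RE = re.compile(
    r"action=(?P<action>\w+)\s+proto=(?P<proto>tcp|udp)\s+src=(?P<src>[\d.]+)"
    r"\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)

def classify(port, proto):
    """Name the AD service behind a destination port, or flag it as unrelated."""
    if (port, proto) in AD_PORTS:
        return AD_PORTS[(port, proto)]
    if proto == "tcp" and port in RPC_DYNAMIC:
        return "RPC dynamic range (needed with 135)"
    return "not an AD port"

def summarize(lines, portal_ip, dc_ip):
    """Count portal->DC flows keyed by (port, proto, service, firewall action)."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["src"] != portal_ip or m["dst"] != dc_ip:
            continue  # skip unparsable lines and traffic from other hosts
        port, proto = int(m["dport"]), m["proto"]
        counts[(port, proto, classify(port, proto), m["action"])] += 1
    return dict(counts)

# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = [
    "2013-05-01T10:00:01 action=allow proto=tcp src=10.20.0.5 dst=10.0.0.10 dport=389",
    "2013-05-01T10:00:01 action=allow proto=tcp src=10.20.0.5 dst=10.0.0.10 dport=88",
    "2013-05-01T10:00:02 action=allow proto=tcp src=10.20.0.5 dst=10.0.0.10 dport=464",
    "2013-05-01T10:00:02 action=allow proto=tcp src=10.20.0.5 dst=10.0.0.10 dport=389",
    "2013-05-01T10:00:03 action=deny proto=tcp src=10.20.0.5 dst=10.0.0.10 dport=49160",
    "2013-05-01T10:00:04 action=allow proto=tcp src=10.0.0.11 dst=10.0.0.10 dport=25",
]
```

Run `summarize(SAMPLE_LOG, "10.20.0.5", "10.0.0.10")` against a day or two of real logs from the new interface; the ports that never appear are the candidates for removal, and anything in the RPC dynamic range that shows as denied means port 135 alone is not enough.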
