Port used for Active Directory authentication against Domain Controllers

Senior IT System Engineer
Hi All,

I'd like to know if anyone can let me know which IP address or server is currently using Active Directory integrated domain authentication? I'm running Wireshark for one week to get the data of which servers are using AD authentication mode.

Is there any port number that is used by the application to connect to the domain controller for DomainMode enumeration?

Because when I look into the Event viewer in all of the domain controllers, I'm overwhelmed and confused myself.

Thanks,
Use the command below to find the current authentication DC name

Nltest /dsgetdc:DomainName or Set L

For AD port

http://www.windowstricks.in/2011/06/active-directory-ports.html

http://www.windowstricks.in/2010/11/windows-port-number.html

Author

Commented:
Ok, so if I run the command above, is there any outage?
No outage from running the above command; this will list the current logon DC with site and other details.
Will Szymkowski, Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015
Commented:
What are you trying to achieve here? All domain objects are going to use AD for authentication. Also use the port list from the official TechNet, which provides more detail.

https://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

You can also use netstat >> c:\results.txt to find the machines that are authenticating to a DC based on the ports they are using at the current time.

Will.
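The netstat approach suggested above can be narrowed to inbound sessions on the usual AD service ports. The following is an added example, not part of the original post. It assumes the capture was taken on the DC with `netstat -an` (numeric IPv4 output); the addresses in the sample are constructed, and the port list is the standard set of AD-related TCP ports.

```powershell
# Well-known AD-related TCP ports on a domain controller (local side).
$adPorts = @{
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB (SYSVOL/NETLOGON)'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global Catalog'
    3269 = 'Global Catalog (SSL)'
}

# Constructed sample of "netstat -an" output from a DC at 10.0.0.10.
# For a real capture use: $lines = Get-Content C:\results.txt
$lines = @'
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    10.0.0.10:389          10.0.0.21:49211        ESTABLISHED
  TCP    10.0.0.10:88           10.0.0.21:49230        TIME_WAIT
  TCP    10.0.0.10:445          10.0.0.35:50112        ESTABLISHED
  TCP    10.0.0.10:3389         10.0.0.99:51000        ESTABLISHED
  TCP    10.0.0.10:52044        10.0.0.11:389          ESTABLISHED
'@ -split "`r?`n"

$clients = foreach ($line in $lines) {
    # IPv4 TCP rows only: proto, local ip:port, remote ip:port, state
    if ($line -match '^\s*TCP\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\S+)') {
        $localPort = [int]$Matches[2]
        $state     = $Matches[5]
        # Keep sessions whose local (DC) side is an AD port; skip listeners.
        # Outbound sessions from this DC (ephemeral local port) are ignored.
        if ($adPorts.ContainsKey($localPort) -and $state -ne 'LISTENING') {
            New-Object PSObject -Property @{
                Client  = $Matches[3]
                Port    = $localPort
                Service = $adPorts[$localPort]
                State   = $state
            }
        }
    }
}

# One row per client/service pair, with the number of connections seen
$clients | Group-Object Client, Service |
    Select-Object Count, Name | Sort-Object Name
```

A netstat capture is a point-in-time snapshot, so short-lived authentication sessions are easy to miss; repeated captures over the observation window give a more complete client list.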

Author

Commented:
I'm raising domain functionality level from 2003 to 2008R2 Will.

So I need to know which server it application is authenticating regularly against my AD domain controllers.

Any .Net framework older than 4.0 will have an issue in 2008R2 domain functionality level.
Will Szymkowski, Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
Where did you read that upgrading the functional level affects .Net Framework lower than 4.0? Upgrading the functional level only affects the Domain controllers and the features that are "unlocked". It does not affect member servers or workstations.

Will.

Author

Commented:
This one Will:

https://support.microsoft.com/en-us/kb/2260240

So I wonder if Exchange Server 2010 SP3 needs to be restarted as well and apply the patch or hotfix too.
Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015
Commented:
Ok, thanks for the link. Looking at the link above, it only applied to very specific machines (2003/2008SP2); anything above that does not apply. Also, the application will only be affected if it is using "DomainMode Enumeration". That being said, why not just apply the HotFix available to your machines that are 2008SP2 and 2003?

Seems logical.

"So I wonder if Exchange Server 2010 SP3 needs to be restarted as well and apply the patch or hotfix too."

If you are running 2008SP2 for your Exchange 2010 server then apply the patch. See the other link below for helpful info.

http://blogs.technet.com/b/pie/archive/2014/09/07/raising-functional-level-are-you-getting-cold-feet-because-of-kb2260240.aspx

Will.

Author

Commented:
Will,

Luckily all of my Exchange Servers 2010 SP3 are running on Windows Server 2008 R2 non-SP1 and also all of the Application Servers are running Windows Server 2008 R2 SP1, so I guess I do not need to apply the patch above :-)

Also I do not even need to restart Exchange server services after the raise.
Will Szymkowski, Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
That is correct.

Will.

Author

Commented:
Thanks Guys!
