Vas asked:
Joining to an AD domain "over the Internet"

Currently, we have all our servers in one data center, but we are standing up an additional virtual machine remotely at a cloud provider for hosting a specific application, and my question is about joining that machine to our internal Active Directory.

I realize we'll need to open various ports (the list below) in the firewalls on our domain controllers and whitelist this external machine, but I wanted to ask about anything else I should be thinking about.

Is AD traffic encrypted by default? Or do we need to implement some kind of VPN connection? The external machine is a cloud server/VM.


I believe these are the ports on our AD servers that we'll need to adjust the firewalling of, to allow the external machine to connect to AD:

UDP Port 88 for Kerberos authentication
UDP and TCP Port 135 for domain controller-to-domain controller and client-to-domain controller operations.
TCP Port 139 and UDP 138 for File Replication Service between domain controllers.
UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
TCP and UDP Port 445 for File Replication Service
TCP and UDP Port 464 for Kerberos Password Change
TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.


So encryption is one question, but are there any other things I should be thinking about as well?


Thanks
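As an added example that is not part of the original question or answer: a PowerShell pre-flight check to run on the cloud VM before attempting the join, so a blocked port shows up as a clear failure rather than an opaque Add-Computer error. The domain and domain controller names are placeholders. It probes the TCP side of the ports listed above, with three caveats a practitioner would want: a member's LDAP binds and queries use TCP 389 (UDP 389 carries only the CLDAP "ping"), Kerberos on Windows Vista and later defaults to TCP, and the RPC endpoint mapper on 135 hands the client a port in the dynamic range 49152-65535, which must also be open but cannot be proven by a single probe. The script assumes the VPN tunnel recommended in the accepted answer is already in place; it does not replace it.

```powershell
# Added example, not from the original Q&A. Run elevated on the cloud VM before joining.
# Names below are placeholders (assumptions); substitute your own.
$Domain           = 'corp.example.com'        # assumption: the AD DNS domain name
$DomainController = 'dc01.corp.example.com'   # assumption: a DC reachable from the VM over the tunnel

# 1. DNS: the member finds DCs via SRV records, so the DC must answer DNS and the VM's
#    DNS client should point at the internal DCs, not the cloud provider's resolver.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                       -Server $DomainController -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Warning "No DC locator SRV records for $Domain via $DomainController; fix DNS first."
}

# 2. TCP ports a domain member uses against a DC. 445 (SMB) carries the join's RPC named
#    pipes and SYSVOL/Group Policy; 135 is only the endpoint mapper, the dynamic RPC range
#    49152-65535 must be open as well (verify that on the firewall rule itself).
$TcpPorts = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos (TCP by default on modern Windows)'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB (join RPC, SYSVOL)'
    464  = 'Kerberos password change'
    3268 = 'Global Catalog LDAP'
    3269 = 'Global Catalog LDAP over TLS'
}

$failed = @()
foreach ($port in $TcpPorts.Keys) {
    $r = Test-NetConnection -ComputerName $DomainController -Port $port -WarningAction SilentlyContinue
    if ($r.TcpTestSucceeded) { $state = 'open' } else { $state = 'BLOCKED'; $failed += $port }
    '{0,5} {1,-42} {2}' -f $port, $TcpPorts[$port], $state
}

# 3. Join only once the path is proven; -Server pins the join to the DC just tested.
if ($srv -and $failed.Count -eq 0) {
    $cred = Get-Credential -Message "Account permitted to join computers to $Domain"
    Add-Computer -DomainName $Domain -Server $DomainController -Credential $cred -Restart
} else {
    Write-Warning ("Not joining: DNS ok = {0}; blocked TCP ports = {1}" -f [bool]$srv, ($failed -join ', '))
}
```

The UDP ports in the list (53, 88, 464) are not probed directly because Test-NetConnection only tests TCP; the SRV lookup exercises DNS end to end, and Kerberos falls back to UDP only for small messages, so a working TCP 88 is the path that matters for the join.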
ASKER CERTIFIED SOLUTION
Rich Weissler:
The best way to go about it is to have a VPN tunnel between the data center and the cloud provider. That will let you join systems to the domain as appropriate.
EXPERT CERTIFIED SOLUTION
Vas (ASKER):
Thank you