
Ports required for Active Directory replication through a firewall (WAN)

By default, for services such as:

  • RPC for AD Replication
  • RPC for FRS Replication (SYSVOL)
  • RPC for DFS Replication (SYSVOL)

domain controllers establish the connection on port 135/tcp (RPC endpoint mapper). In that case the port is assigned dynamically from the range 1024-65535/tcp. With static port binding, the ports that must be opened for Active Directory replication through a firewall (WAN) are:

| Service | Port/Protocol |
|---|---|
| RPC endpoint mapper | 135/tcp, 135/udp |
| NetBIOS name service | 137/tcp, 137/udp |
| NetBIOS datagram service | 138/udp |
| NetBIOS session service | 139/tcp |
| RPC static port for AD replication | <AD static port>/TCP |
| RPC static port for FRS or | <FRS static port>/TCP |
| RPC static port for DFS Replication | <DFSR static port>/TCP |
| SMB over IP (Microsoft-DS) | 445/tcp, 445/udp |
| LDAP | 389/tcp |
| LDAP ping | 389/udp |
| LDAP over SSL | 636/tcp |
| Global catalog LDAP | 3268/tcp |
| Global catalog LDAP over SSL | 3269/tcp |
| Kerberos | 88/tcp, 88/udp |
| DNS | 53/tcp, 53/udp |
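
The static binding matters because it lets the firewall allow-list name individual ports instead of the whole 1024-65535/tcp range. The following added example (not from the original article) audits an allow-list against the table above and reports uncovered flows and over-broad rules; the `proto/port` rule format and the three static port numbers are assumptions made for illustration.

```python
# Added example: audit a firewall allow-list against the first table on this page.
# Static RPC ports are constructed placeholders; use the values bound on your DCs.
AD_PORT, FRS_PORT, DFSR_PORT = 50000, 50001, 50002

REQUIRED = {
    "RPC endpoint mapper": [("tcp", 135), ("udp", 135)],
    "NetBIOS name service": [("tcp", 137), ("udp", 137)],
    "NetBIOS datagram service": [("udp", 138)],
    "NetBIOS session service": [("tcp", 139)],
    "RPC static port for AD replication": [("tcp", AD_PORT)],
    "RPC static port for FRS": [("tcp", FRS_PORT)],
    "RPC static port for DFS Replication": [("tcp", DFSR_PORT)],
    "SMB over IP (Microsoft-DS)": [("tcp", 445), ("udp", 445)],
    "LDAP": [("tcp", 389)],
    "LDAP ping": [("udp", 389)],
    "LDAP over SSL": [("tcp", 636)],
    "Global catalog LDAP": [("tcp", 3268)],
    "Global catalog LDAP over SSL": [("tcp", 3269)],
    "Kerberos": [("tcp", 88), ("udp", 88)],
    "DNS": [("tcp", 53), ("udp", 53)],
}
NEEDED = {flow for flows in REQUIRED.values() for flow in flows}

def parse_rule(text):
    """Parse 'tcp/135' or 'tcp/1024-65535' (hypothetical format) into (proto, low, high)."""
    proto, _, ports = text.strip().lower().partition("/")
    low, _, high = ports.partition("-")
    return proto, int(low), int(high or low)

def audit(rules):
    """Return (required flows no rule covers, {rule: count of non-required ports it opens})."""
    parsed = [parse_rule(r) for r in rules]
    missing = sorted(f"{proto}/{port}" for proto, port in NEEDED
                     if not any(p == proto and lo <= port <= hi for p, lo, hi in parsed))
    excess = {}
    for rule, (p, lo, hi) in zip(rules, parsed):
        extra = sum((p, port) not in NEEDED for port in range(lo, hi + 1))
        if extra:
            excess[rule] = extra
    return missing, excess

if __name__ == "__main__":
    dynamic = ["tcp/135", "tcp/1024-65535"]           # constructed: default dynamic RPC
    static = [f"{p}/{n}" for p, n in sorted(NEEDED)]  # constructed: one rule per table flow
    for name, rules in (("dynamic", dynamic), ("static", static)):
        missing, excess = audit(rules)
        print(name, "missing:", missing, "excess:", excess)
```

A rule that appears in `excess` opens ports the table does not call for; the dynamic-range rule is the typical case.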

| Protocol and Port | AD and AD DS Usage | Type of traffic |
|---|---|---|
| TCP and UDP 389 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP |
| TCP 636 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP SSL |
| TCP 3268 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC |
| TCP 3269 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC SSL |
| TCP and UDP 88 | User and Computer Authentication, Forest Level Trusts | Kerberos |
| TCP and UDP 53 | User and Computer Authentication, Name Resolution, Trusts | DNS |
| TCP and UDP 445 | Replication, User and Computer Authentication, Group Policy, Trusts | SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc |
| TCP 25 | Replication | SMTP |
| TCP 135 | Replication | RPC, EPM |
| TCP Dynamic | Replication, User and Computer Authentication, Group Policy, Trusts | RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS |
| TCP 5722 | File Replication | RPC, DFSR (SYSVOL) |
| UDP 123 | Windows Time, Trusts | Windows Time |
| TCP and UDP 464 | Replication, User and Computer Authentication, Trusts | Kerberos change/set password |
| UDP Dynamic | Group Policy | DCOM, RPC, EPM |
| UDP 138 | DFS, Group Policy | DFSN, NetLogon, NetBIOS Datagram Service |
| TCP 9389 | AD DS Web Services | SOAP |
| UDP 67 and UDP 2535 | DHCP | DHCP, MADCAP |
| UDP 137 | User and Computer Authentication | NetLogon, NetBIOS Name Resolution |
| TCP 139 | User and Computer Authentication, Replication | DFSN, NetBIOS Session Service, NetLogon |

Note: DHCP is not a core AD DS service but it is often present in many AD DS deployments.

Permanent link to this article: http://www.blogss.ru/ports-required-for-active-directory-replication-over-firewall-tmg
