Tuesday, December 22, 2009

open firewall ports for domain membership

Posted by Andre Broers
To join a domain, the firewall between the new member (client) and the domain controller (server) must pass the following traffic. This table is for Windows Vista / Server 2008 and later, whose RPC dynamic port range is 49152-65535:

Client port(s)               Server port(s)             Service
49152-65535/UDP              123/UDP                    W32Time
49152-65535/TCP              135/TCP                    RPC endpoint mapper
49152-65535/UDP              138/UDP                    NetBIOS datagram
49152-65535/TCP              49152-65535/TCP            RPC (dynamic; LSA, SAM, Netlogon)
49152-65535/TCP/UDP          389/TCP/UDP                LDAP
49152-65535/TCP              636/TCP                    LDAP SSL
49152-65535/TCP              3268/TCP                   LDAP GC
49152-65535/TCP              3269/TCP                   LDAP GC SSL
53, 49152-65535/TCP/UDP      53/TCP/UDP                 DNS
49152-65535/TCP              135, 49152-65535/TCP       RPC DNS
49152-65535/TCP/UDP          88/TCP/UDP                 Kerberos
49152-65535/TCP/UDP          445/NP-TCP/NP-UDP          SAM/LSA (named pipes over SMB)

Notes: the NetBIOS datagram service is UDP on both ends (the original listing showed a TCP client side, which is wrong). Microsoft's published list for these versions also includes 464/TCP/UDP (Kerberos password change), and if NetBIOS over TCP/IP is still in use you will need 137/UDP (name service) and 139/TCP (session service) too. The dynamic range must be open in addition to 135/TCP: the endpoint mapper only tells the client which high port a given RPC service is listening on, it does not proxy the call.

To support Windows Server 2003 R2 and earlier (and Windows XP clients), which use the old RPC dynamic range, open TCP 1025-5000 as well (in addition to, not instead of, 49152-65535 if mixed versions are present).
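Added example, not from the original post: a PowerShell script that turns the table above into two things a practitioner actually needs, a reachability check run from the machine about to be joined (TCP-connect to each fixed TCP port on the DC with a timeout, so a silently dropping firewall is reported as blocked rather than hanging), and the `netsh advfirewall` commands that open the same ports inbound on a Server 2008-era DC. The DC name, the timeout and the rule names are assumptions; UDP-only ports and the RPC dynamic range are listed but not probed, because a plain connect cannot verify them.

```powershell
<#
  Added example (not the original post's code). Assumptions: the caller
  supplies a DC hostname; rule names are illustrative; UDP ports and the
  RPC dynamic range are reported as "not probed".
#>

# Port table from the post (Windows Vista / Server 2008 and later).
# 445 is listed as TCP here: the named pipes (SAM/LSA) ride SMB over TCP.
$DomainJoinPorts = @(
    @{ Port = '53';          Proto = 'TCP/UDP'; Service = 'DNS' },
    @{ Port = '88';          Proto = 'TCP/UDP'; Service = 'Kerberos' },
    @{ Port = '123';         Proto = 'UDP';     Service = 'W32Time' },
    @{ Port = '135';         Proto = 'TCP';     Service = 'RPC endpoint mapper' },
    @{ Port = '138';         Proto = 'UDP';     Service = 'NetBIOS datagram' },
    @{ Port = '389';         Proto = 'TCP/UDP'; Service = 'LDAP' },
    @{ Port = '445';         Proto = 'TCP';     Service = 'SMB (SAM/LSA named pipes)' },
    @{ Port = '636';         Proto = 'TCP';     Service = 'LDAP SSL' },
    @{ Port = '3268';        Proto = 'TCP';     Service = 'LDAP GC' },
    @{ Port = '3269';        Proto = 'TCP';     Service = 'LDAP GC SSL' },
    @{ Port = '49152-65535'; Proto = 'TCP';     Service = 'RPC dynamic range' }
)

function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so an unanswered SYN (firewall DROP) times out
        # after $TimeoutMs instead of the OS default of roughly 20 seconds.
        $ar = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)   # throws on RST (refused) or host unreachable
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-DomainJoinPorts {
    param(
        [Parameter(Mandatory = $true)][string]$DomainController,
        [int]$TimeoutMs = 2000
    )
    foreach ($p in $DomainJoinPorts) {
        $state = if ($p.Port -like '*-*') {
            # Which high port a service uses is only known via the endpoint
            # mapper (135/TCP); a connect test cannot confirm the whole range.
            'range: not probed'
        } elseif ($p.Proto -notlike '*TCP*') {
            'udp: not probed'
        } elseif (Test-TcpPort -Server $DomainController -Port ([int]$p.Port) -TimeoutMs $TimeoutMs) {
            'open'
        } else {
            'BLOCKED'
        }
        New-Object PSObject -Property @{
            Port = $p.Port; Proto = $p.Proto; Service = $p.Service; State = $state
        }
    }
}

function Get-DcFirewallRuleCommands {
    # One inbound allow rule per port and protocol; review before running on the DC.
    foreach ($p in $DomainJoinPorts) {
        foreach ($proto in ($p.Proto -split '/')) {
            'netsh advfirewall firewall add rule name="AD {0} ({1})" dir=in action=allow protocol={1} localport={2}' -f $p.Service, $proto, $p.Port
        }
    }
}

# Usage (run on the machine about to be joined; the DC name is an assumption):
#   Test-DomainJoinPorts -DomainController dc01.corp.example |
#       Format-Table Port, Proto, Service, State -AutoSize
#   Get-DcFirewallRuleCommands
```

Two checks go with this. First, confirm on the DC that its dynamic range really is the one the rule opens, with `netsh int ipv4 show dynamicport tcp`; a DC upgraded in place or one with a custom range will hand out ports the firewall rule does not cover, and the join fails after 135/TCP succeeds. Second, for the dynamic range itself, Microsoft's PortQry tool can query the endpoint mapper (`portqry -n <dc> -e 135`) and list the actual high ports the LSA, SAM and Netlogon interfaces are registered on, which is the only reliable way to test that range from the client side. For Server 2003 R2 and older DCs, add a second rule for 1025-5000/TCP.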