FSMO roles transfer

Question

Hi guys,
We have 2 AD subnets, one is on-prem and one is in Cloud. there is a site to site VPN between the on-prem and the Cloud ADs. Now we want to move the FSMO roles from on-prem server 2019 DC to a server 2021 DC in Cloud and then retire all the on-prem DC's
the on-prem DCs and Cloud DC's sync now for almot a year and everything is fine. currently not all the ports are opened betwee the two subnets. Which ports must be opened to make sure that on-prem domain users not affected and also admins can add new pc's to the domain?

Thanks

Answer 1

Port requirements are listed here.

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts#windows-server-2008-and-later-versions

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 2

Hello Shahin Mortazave,

Thank you for posting in our Q&A forum.

Q: Which ports must be opened to make sure that on-prem domain users not affected and also admins can add new pc's to the domain?

A: For the ports, we can refer to links below.

Active Directory and Active Directory Domain Services Port Requirements

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)?redirectedfrom=MSDN

Active Directory Replication over Firewalls

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727063(v=technet.10)?redirectedfrom=MSDN

Here are other ports may related to other roles in AD.

https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements

Hope the information above is helpful. If you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.