AD RODC internet firewalld ports

Question

Hello! I mapped the AD RODC to the public network, but found that the terminal on the public network could not be connected. Are there any other ports to be opened?

PORT:
SMB over IP (Microsoft-DS): port 445 TCP, UDP
Kerberos: port 88 TCP, UDP
LDAP: port 389 UDP
DNS: port 53 TCP, UDP
RPC Dynamically-assigned ports: 49152-65535 ,TCP

Answer 1

Hi @uranus829 ,

Here's two documentations of all the port requirements of Active Directory:

Older documentation:
Active Directory and Active Directory Domain Services Port Requirements

Newer documentation:
How to configure a firewall for Active Directory domains and trusts

----------

If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

Best regards,
Leon

Answer 2

Hello,

when you plan to configure RODC to receive configuration you need to have in mind to the ports which need to be open in order for the RODC and Writable DC to talk to each other, securing the communication between your RODC and the writable DC, provisioning the RODC and etc....The link below is an article on provisioning an RODC in the perimeter / DMZ. Take particular note of the Ports / Firewall and Security sections:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd728028(v=ws.10)?redirectedfrom=MSDN

Also here more information regarding Active Directory and Active Directory Domain Services Port Requirements

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)

Hope this helps you further!

Best Regards,