AD RODC internet firewalld ports

uranus829 66 Reputation points
2021-09-08T04:44:44.883+00:00

Hello! I mapped the AD RODC to the public network, but found that the terminal on the public network could not be connected. Are there any other ports to be opened?

PORT:
SMB over IP (Microsoft-DS): port 445 TCP, UDP
Kerberos: port 88 TCP, UDP
LDAP: port 389 UDP
DNS: port 53 TCP, UDP
RPC Dynamically-assigned ports: 49152-65535 ,TCP

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,538 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Leon Laude 85,701 Reputation points
    2021-09-08T06:56:40.377+00:00

    Hi @uranus829 ,

    Here's two documentations of all the port requirements of Active Directory:

    Older documentation:
    Active Directory and Active Directory Domain Services Port Requirements

    Newer documentation:
    How to configure a firewall for Active Directory domains and trusts

    ----------

    If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

    Best regards,
    Leon

    0 comments No comments

  2. Limitless Technology 39,461 Reputation points
    2021-09-08T09:22:46.207+00:00

    Hello,

    when you plan to configure RODC to receive configuration you need to have in mind to the ports which need to be open in order for the RODC and Writable DC to talk to each other, securing the communication between your RODC and the writable DC, provisioning the RODC and etc....The link below is an article on provisioning an RODC in the perimeter / DMZ. Take particular note of the Ports / Firewall and Security sections:

    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd728028(v=ws.10)?redirectedfrom=MSDN

    Also here more information regarding Active Directory and Active Directory Domain Services Port Requirements

    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)

    Hope this helps you further!

    Best Regards,

    0 comments No comments