Domain Trust Port Requirements
Trust relationship between two Win2K-based or between two Win2K3-based domain controllers that are not in the same forest.
Domain trust port requirements. Supporting services and tools. Opening on-premises network firewall ports. Learn more about Microsoft's Active Directory and Active Directory Domain Services port requirements. So I'd like to know the firewall ports I need to open between the DCs.
Port 42 TCP and UDP for WINS replication. A two-way trust is one that flows both directions between two domains. Windows Server 2003 and Windows 2000 Server. In addition, you should also allow Internet Control Message Protocol (ICMP).
This includes all ports required between domain clients and domain controllers for a domain to work. For a mixed-mode domain that uses either Windows NT domain controllers or legacy clients, trust relationships between Windows Server 2003-based domain controllers and Windows 2000 Server-based domain controllers may necessitate that all the ports for Windows NT that are listed in the previous table be opened in addition to the following ports. Alternatively, a trust can be established through Point-to-Point Tunneling Protocol (PPTP). Read the "Windows Server 2008 and later versions" section of the Microsoft support article "How to configure a firewall for Active Directory domains and trusts" to learn about the ports needed for a forest trust.
Trusts under Windows NT were a bit complicated but in. Port 53 TCP and UDP for DNS. The following tables list the minimal set of ports required to establish trust. The following ports need to be opened if you have one of the following.
The "Domain controllers and Active Directory" section in "Service overview and network port requirements for Windows". The Net Logon service maintains a secured channel. You may use LMHOSTS for name resolution, which would have #PRE and #DOM entries for the domain controllers, or WINS can be used which requires. To support trusts and authentication, some additional features and management tools are used.
For the operation of the trust this port is not required; it is used for trust creation only. For example, domain A trusts domain B and domain B trusts domain A. A one-way trust is required for this scenario. I'm setting up a new trust between two forests, both with a single domain, connecting to each other via private WAN.
All ports above 1024 for RPC communication. A mixed-mode domain with either NT domain controllers or legacy clients 2. You may need to configure more ports depending on your scenario. Specifically, the dev local domain is configured to trust the users lan domain.