I just want to know which ports need to be open if I place a firewall between a Windows client (XP or 7) and a domain controller (Windows Server 2008 R2).
Please note it is between client and DC, not between DC and DC.
I have searched on Google, but the answers I got there cover client to DC as well as DC to DC.
As per my findings, I need to open:
- TCP & UDP port 88 for Kerberos Authentication
- TCP & UDP 389 for LDAP
- TCP & UDP 445 for SMB/CIFS/SMB2
- TCP and UDP port 464 for Kerberos Password Change
- TCP Port 3268 & 3269 for Global Catalog
- TCP and UDP port 53 for DNS
- TCP and UDP dynamic ports 1025 to 5000 (Windows Server 2003) and 49152 to 65535 (Windows Server 2008) for DCOM, RPC, EPM
Let me know if I'm missing something.
Note: it's between client and DC only.
Here are a few links from Microsoft that show the data you are requesting. Note that the dynamic ranges for 2003 and 2008 have changed, so if you have a mixed environment you might need to open both ranges or make them static.
To view your dynamic ranges for the client you can use the commands below; more info about this can be found at KB929851 (the site would not let me post a 3rd link, so I had to shorten it).
Aside from the list you mentioned, you would also need the following:
If you want to utilize LDAP over SSL you'll also need TCP port 636.
Reference: How to configure a firewall for Domains and Trusts
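As an added example (not from either post), here is a PowerShell check that tests the fixed TCP ports from the question's list plus TCP 636 from the answer against a domain controller from the client side. `dc01.example.local` is a placeholder for your DC, and TCP 135 is included because the list names the RPC endpoint mapper (EPM) but gives only the dynamic range it hands out; UDP and the dynamic range itself cannot be verified with a plain connect, so they are not tested here.

```powershell
# Added example (not from the original thread): tests TCP reachability from a
# Windows client to a domain controller for the ports discussed above.
# $DomainController is an assumed placeholder; replace it with your DC's name.
param(
    [string]$DomainController = "dc01.example.local",   # assumed placeholder
    [int]$TimeoutMs = 2000
)

# Fixed TCP ports from the question plus 636 from the answer. TCP 135 is
# added here: the list names EPM but only gives the dynamic range it assigns.
$RequiredTcpPorts = @{
    53   = "DNS"
    88   = "Kerberos"
    135  = "RPC endpoint mapper"
    389  = "LDAP"
    445  = "SMB"
    464  = "Kerberos password change"
    636  = "LDAP over SSL"
    3268 = "Global Catalog"
    3269 = "Global Catalog over SSL"
}

function Test-DcTcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropping firewall does not
        # hang the script for the full TCP connect timeout.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false          # timed out: most likely filtered
        }
        $client.EndConnect($async) # throws if the DC actively refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Report one line per port so blocked rules stand out in the output.
foreach ($port in ($RequiredTcpPorts.Keys | Sort-Object)) {
    $ok = Test-DcTcpPort -ComputerName $DomainController -Port $port -TimeoutMs $TimeoutMs
    $state = if ($ok) { "open" } else { "BLOCKED" }
    "{0,-26} TCP {1,-5} {2}" -f $RequiredTcpPorts[$port], $port, $state
}
```

Run it from the client behind the firewall; a "BLOCKED" line for any port the list requires points at the rule that still needs to be opened.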