This section lists the network ports on which DSfW services listen for incoming network traffic. These ports are configured automatically after the DSfW installation.
Table D-1 Services and Network Ports used by DSfW

Service | Port / Protocol |
---|---|
Microsoft-DS traffic | 445/TCP, 445/UDP |
LDAP | 389/TCP (or 636/TCP if using SSL) |
LDAP Ping | 389/UDP |
Kerberos | 88/TCP, 88/UDP |
DNS | 53/TCP, 53/UDP |
RPC Endpoint Manager | 135/TCP, 135/UDP |
RPC Dynamic Assignments | 1024 - 65535/TCP |
Global Catalog LDAP | 3268/TCP |
Global Catalog LDAP over SSL | 3269/TCP |
Network Time Protocol | 123/UDP |
NetBIOS Name Service | 137/TCP, 137/UDP |
NetBIOS Datagram Service | 138/TCP, 138/UDP |
NetBIOS Session Service | 139/TCP, 139/UDP |
Domain Service Daemon | 8025/TCP |

The RPC dynamic assignment rule allows inbound traffic on any port above 1023. If your firewall permits this, there is very little reason to enable a firewall. However, you can force xadsd to use a specific port by using the -p option. Otherwise, RPC ports are ephemeral.
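
The following added example (not part of the DSfW documentation) audits a server's listening sockets against Table D-1 and separates out TCP listeners in the 1024 - 65535 range, which are the ones the RPC dynamic assignment rule would expose. The names `parse_ss`, `audit` and `SAMPLE` are assumptions made for the example, and the sample `ss -tuln` output is constructed.

```python
# Table D-1 as port/proto pairs; the RPC dynamic range is handled in audit().
TABLE_D1 = """445/tcp 445/udp 389/tcp 636/tcp 389/udp 88/tcp 88/udp 53/tcp
53/udp 135/tcp 135/udp 3268/tcp 3269/tcp 123/udp 137/tcp 137/udp 138/tcp
138/udp 139/tcp 139/udp 8025/tcp"""
EXPECTED = {(int(e.split("/")[0]), e.split("/")[1]) for e in TABLE_D1.split()}
LDAP_EITHER = {(389, "tcp"), (636, "tcp")}  # table: 389, or 636 if using SSL

# Constructed sample of `ss -tuln` output (not captured from a real server).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:88         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:88         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      128    [::]:389           [::]:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:8025       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:49152      0.0.0.0:*
"""

def parse_ss(text):
    """Return {(port, proto)} for every tcp/udp listener in ss output."""
    found = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] in ("tcp", "udp"):  # skips the header row
            port = f[4].rpartition(":")[2]  # also handles [::]:389
            if port.isdigit():
                found.add((int(port), f[0]))
    return found

def audit(listeners):
    """Split listeners into table entries, RPC-range candidates and the rest."""
    rep = {"in_table": [], "rpc_range": [], "not_in_table": []}
    for key in sorted(listeners):
        if key in EXPECTED:
            rep["in_table"].append(key)
        elif key[1] == "tcp" and key[0] >= 1024:
            rep["rpc_range"].append(key)  # ephemeral unless pinned; review each
        else:
            rep["not_in_table"].append(key)
    missing = EXPECTED - listeners
    if listeners & LDAP_EITHER:  # either LDAP port satisfies the table row
        missing -= LDAP_EITHER
    rep["missing"] = sorted(missing)
    return rep

if __name__ == "__main__":
    print(audit(parse_ss(SAMPLE)))
```

Entries under `rpc_range` change across restarts unless the port is pinned, so a firewall rule written for one of them is only stable once the service has been given a fixed port.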
After restarting the DNS server, refer to Section 8.0, Activities After DSfW Installation or Provisioning to verify that eDirectory and DSfW have been installed and configured correctly.
IMPORTANT: After you install a DSfW server into a partition in which you want to configure a domain, the DSfW server holds the master replica of that partition. This is required because the master replica holds the FSMO roles for the domain.