Export (0) Print
Expand All

Appendix A: List of Ports

Updated: July 31, 2004

Applies To: Windows Server 2003 with SP1

The following tables shows the list of ports that you must open before you set up trusts.

 

Scenario Outbound Ports Inbound Ports From - To

Trust setup on both sides from the internal forest

LDAP (389 UDP and TCP)

Microsoft SMB (445 TCP)

Kerberos (88 UDP)

Endpoint resolution portmapper (135 TCP) Netlogon fixed port

Internal domain domain controllers External domain domain controllers (all ports)

Trust validation from the internal forest domain controller to the external forest domain controller (outgoing trust only)

LDAP (389 UDP)

Microsoft SMB (445 TCP)

Endpoint resolution portmapper (135 TCP) Netlogon fixed port

Internal domain domain controllers External domain domain controllers (all ports)

Object picker on the external forest to add objects that are in internal forest to groups and DACLs

LDAP (389 UDP and TCP)

Windows NT Server 4.0 directory service fixed port

Netlogon fixed port

Kerberos (88 UDP)

Endpoint resolution portmapper (135 TCP)

External server Internal domain PDCs (Kerberos)

External domain domain controllers Internal domain domain controllers (Netlogon)

Setup trust on the external forest from the external forest

LDAP (389 UDP and TCP)

Microsoft SMB (445 TCP)

Kerberos (88 UDP)

External domain domain controllers Internal domain domain controllers (all ports)

Kerberos authentication (internal forest client to external forest)

Kerberos (88 UDP)

Internal client External domain domain controllers (all ports)

NTLM authentication (internal forest client to external forest)

Endpoint resolution portmapper (135 TCP) Netlogon fixed port

External domain domain controllers Internal domain domain controllers (all ports)

Domain join from internal computer to external domain

LDAP (389 UDP and TCP)

Microsoft SMB (445 TCP)

Kerberos (88 UDP)

Endpoint resolution portmapper (135 TCP) Netlogon fixed port

Windows NT Server 4.0 directory service fixed port

Internal client External domain domain controllers (all ports)

Configure the following keys to specify the services that you want to run on a fixed port:

  1. LSA(Local Security Authority) RPC port (same as NTDS fixed port) used for trust creation and other access to the LSA Policy database TCP/IPPortentry in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters registry key.

  2. Netlogon RPC port used for NTLM, Trust channel DCTcpipPort entry in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters registry key.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft