MIM 2016 GALSYNC using NAT

  • Question

  • Hi,

    We are planning to set up MIM for GALSYNC.

    But, we want to use NAT on the firewall when connecting to the DC/GC of org2

    DC/GC (Org1)-->MIM-->Firewall(NAT)-->DC/GC (ORG).

    Please let me know if this is going to work or not?

    NAT is supported with MIM 2016

    Wednesday, November 25, 2015 1:55 AM


  • Hi,

    Yes, this will work. You will have to open the needed ports (for communication to AD) on the firewall to DC/GC (ORG) and perform NAT mapping.

    From the deployment guide:

    If there is a firewall between the server running FIM and the server running AD DS, the following ports must be opened in the firewall between the FIM Synchronization Server and the Active Directory domain controller:

    TCP/UDP 135 (RPC EPMapper)
    TCP/UDP 389 (LDAP, LDAP Ping)
    TCP 636 (LDAP over SSL)
    TCP 3268 (GC)
    TCP 3269 (GC SSL)
    TCP/UDP 53 (DNS)
    TCP/UDP 88 (Kerberos)
    TCP Dynamic (RPC)
    TCP/UDP 464 (Kerberos Change/Set Password)

    To facilitate WMI communication, you will also need to make sure the following ports are open between the server running the FIM Service and the server running the FIM Synchronization Service:

    TCP/UDP 135 (RPC EPMapper)
    TCP 135 (RPC EPMapper)
    TCP 5725
    TCP 5726
    TCP 5000-5001 Dynamic RPC ports (PCNS)
    TCP 57500-57520 Dynamic RPC ports (AD MA)

    Good luck!

    PS: If the DC domain is not published, you will have to specify the firewall public address as the "forest name" and the "domain name" in order to access the DC on DC/GC (ORG).

    Wouter Landuyt | IS4U FIM/MIM Expert Blog: blog.is4u.be

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. Thank you!

    • Proposed as answer by Wim Beck Friday, December 11, 2015 9:35 AM
    • Marked as answer by Nothing 123 Wednesday, July 11, 2018 7:57 AM
    Friday, November 27, 2015 10:50 AM
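
An added example, not part of the original thread: a Python sketch that parses the domain-controller port list quoted in the answer above and tests, from the synchronization server, which fixed TCP ports answer through the NAT mapping. The address 192.0.2.10 is a placeholder and the function names are assumptions of this example; the UDP side of each port is not tested, and the dynamic RPC entry is returned as unchecked because a single TCP connect cannot confirm it.

```python
import re
import socket

# Port list copied from the answer above (FIM/MIM Synchronization Server -> AD DC/GC).
AD_PORTS = """\
TCP/UDP 135 (RPC EPMapper)
TCP/UDP 389 (LDAP, LDAP Ping)
TCP 636 (LDAP over SSL)
TCP 3268 (GC)
TCP 3269 (GC SSL)
TCP/UDP 53 (DNS)
TCP/UDP 88 (Kerberos)
TCP Dynamic (RPC)
TCP/UDP 464 (Kerberos Change/Set Password)
"""

LINE = re.compile(r"^(TCP(?:/UDP)?)\s+(\d+|Dynamic)\s+\((.+)\)$")

def parse_ports(text):
    """Split the list into fixed TCP ports [(port, label)] and lines a connect test cannot verify."""
    fixed, unchecked = [], []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = LINE.match(line)
        if m and m.group(2) != "Dynamic":
            fixed.append((int(m.group(2)), m.group(3)))
        else:
            unchecked.append(line)
    return fixed, unchecked

def tcp_open(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable
        return False

def check(host, text=AD_PORTS, timeout=3.0):
    """Return ([(port, label, reachable)], unchecked_lines) for the given target address."""
    fixed, unchecked = parse_ports(text)
    return [(p, label, tcp_open(host, p, timeout)) for p, label in fixed], unchecked

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder NAT address
    results, unchecked = check(host)
    for port, label, ok in results:
        print(f"TCP {port:>5} {label:<34} {'open' if ok else 'BLOCKED'}")
    print("not verifiable by TCP connect:", unchecked)
```

A port reported as BLOCKED points at a missing firewall rule or NAT mapping; a port reported as open only shows that the handshake completed, not that the service behind the mapping is the intended DC/GC.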