Which port need to be opened to configure GAL_MA of other domain controller?

  • Question

  • We use MIIS.

    Which ports need to be opened to configure the GAL_MA of another domain controller, in a domain which MIIS does not belong to? Only 389?

    Wednesday, January 2, 2013 3:17 AM

Answers

  • Check out:

    The GAL MA is a special preconfigured AD MA (similar to). Therefore you can use the same configuration as for the AD MA.

    Management Agent for Active Directory

    Minimum Permissions

    Operation: Connect and discover objects in Active Directory

    Minimum permissions: Member of Domain Admins group.

    - or -

    Replicating Directory Changes permission for each domain of the forest that the management agent accesses. For more information about how to grant the Replicating Directory Changes permission, see the Microsoft web site.

    Operation: Create, modify, or delete Active Directory objects and attributes

    Minimum permissions: For non-administrative accounts, additional permissions might need to be added as appropriate. For example:

    • To create a new object, the Create All Child Objects permission is required.

    • To delete an object, the Delete All Child Objects permission is required.

    For more information about setting the Replicating Directory Changes permission in Active Directory, see Microsoft Knowledge Base article 303972 (http://go.microsoft.com/fwlink/?LinkId=47854).

    Communication Protocols and Ports

    Service                   | Protocol | Port
    LDAP                      | TCP/UDP  | 389
    Kerberos                  | TCP/UDP  | 88
    DNS                       | TCP/UDP  | 53
    Kerberos Change Password  | UDP      | 464

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------

    "miyagiken" wrote in message news:cdb92e82-dd7f-4765-9997-c9a7a9167e86@communitybridge.codeplex.com...

    we use MIIS.

    Which port need to be opened to configure GAL_MA of other domain controller which MIIS does not belong to? only 389 ?


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    Wednesday, January 2, 2013 7:14 AM
  • Thursday, January 3, 2013 2:13 PM
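
A connectivity check for the port table in the answer above, as an added example that is not part of the original post: run from the MIIS server, it attempts a TCP connection to each TCP-capable port on the remote domain controller and marks UDP rows as unverified. The host name `dc01.example.test` and the function names are assumptions made for illustration.

```python
import socket

# Port table as given in the answer above: (service, protocols, port).
AD_MA_PORTS = [
    ("LDAP", ("tcp", "udp"), 389),
    ("Kerberos", ("tcp", "udp"), 88),
    ("DNS", ("tcp", "udp"), 53),
    ("Kerberos Change Password", ("udp",), 464),
]


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out, unreachable or unresolvable all count as not open.
        return False


def check_ad_ma_ports(host, table=AD_MA_PORTS, timeout=3.0):
    """Probe each row and return (service, proto, port, status) tuples.

    TCP rows are 'open' or 'blocked/closed'. UDP rows are 'unverified':
    UDP is connectionless, so silence does not distinguish a filtered port
    from a service that did not answer; confirm those in the firewall logs.
    """
    results = []
    for service, protocols, port in table:
        for proto in protocols:
            if proto == "tcp":
                status = "open" if tcp_open(host, port, timeout) else "blocked/closed"
            else:
                status = "unverified"
            results.append((service, proto, port, status))
    return results


if __name__ == "__main__":
    import sys
    # dc01.example.test is a placeholder; pass the remote domain controller's name.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.test"
    for service, proto, port, status in check_ad_ma_ports(target):
        print(f"{service:<26}{proto.upper():<5}{port:<6}{status}")
```

A "blocked/closed" result on a TCP row means the firewall rule or the listening service needs checking; the script cannot tell the two apart.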
