Domain joining port

    Question

  • I want to join a server to a domain. I come back to you to ask if opening ports 445 and 389 is necessary.

    Saturday, December 24, 2016 11:31 PM

Answers

  • Though I answered this question in StackOverflow, I'll answer again here.  It appears Dave answered this question at the same time here as I did over on the one at StackOverflow:  I want to join a server to a domain, I come back to you to ask if the opening ports 445 and 389 is necessary.

    Ports 389 and 445 are required, as well as a number of other ports. A note on Port 636: that's the secure LDAP port - a domain-joining client cannot use this port when joining the domain because the client won't be able to trust the DC's SSL certificate until after it is already joined to the domain.   As Dave said, you can use a network monitor tool on it.


    Best Regards, Todd Heron | Active Directory Consultant

    • Marked as answer by KAROUACH AMINE Sunday, December 25, 2016 1:51 PM
    Sunday, December 25, 2016 3:40 AM
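
    An added example, not part of the thread or any poster's code: a PowerShell check, run from the server before the join, of whether the TCP ports named in the answer above are reachable on a domain controller. The function name and the host dc01.example.test are assumptions; it tests TCP only and covers just the ports mentioned in this thread.

```powershell
# Added example: TCP reachability from a not-yet-joined server to a domain controller.
# Test-DomainJoinPort is a hypothetical helper name, not a built-in cmdlet.
function Test-DomainJoinPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$DomainController,
        # Ports named in this thread; pass the full list from the linked article to cover the rest.
        [int[]]$Port = @(389, 445, 636),
        [int]$TimeoutMs = 3000
    )
    foreach ($p in $Port) {
        $client = New-Object System.Net.Sockets.TcpClient
        $state = 'Unknown'
        try {
            $task = $client.ConnectAsync($DomainController, $p)
            if ($task.Wait($TimeoutMs)) {
                $state = 'Open'
            } else {
                # No answer at all: typically a firewall silently dropping the connection attempt.
                $state = 'Filtered (timeout)'
            }
        } catch {
            # Wait() rethrows the socket failure wrapped in an AggregateException.
            $inner = $_.Exception.GetBaseException()
            if ($inner -is [System.Net.Sockets.SocketException] -and
                $inner.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
                # The host answered but nothing listens on the port (or a firewall sent a reset).
                $state = 'Closed (refused)'
            } else {
                $state = "Error: $($inner.Message)"
            }
        } finally {
            $client.Close()
        }
        [pscustomobject]@{ Target = $DomainController; Port = $p; State = $state }
    }
}

# dc01.example.test is a placeholder host name; replace it with your own domain controller.
Test-DomainJoinPort -DomainController 'dc01.example.test' | Format-Table -AutoSize
```

    A "Filtered (timeout)" result points at a firewall between the server and the domain controller, while "Closed (refused)" means the packet arrived but the service is not listening.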

All replies

  • Here's a list of the port requirements.

    https://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Proposed as answer by Todd Heron Sunday, December 25, 2016 3:28 AM
    Saturday, December 24, 2016 11:35 PM
  • Thanks for your reply. Another question, please: can I force the server to join the domain with port 636 (LDAPS) and disable ports 445 and 389?

    • Proposed as answer by Todd Heron Sunday, December 25, 2016 3:35 AM
    • Unproposed as answer by Todd Heron Sunday, December 25, 2016 3:35 AM
    Saturday, December 24, 2016 11:41 PM
  • I'd either just try it, or you could also network monitor or Wireshark it.

    Regards, Dave Patrick ....

    Saturday, December 24, 2016 11:46 PM
  • OK, I will try Network Monitor, thank you.
    Saturday, December 24, 2016 11:54 PM
  • Sounds good, you're welcome.

    Regards, Dave Patrick ....

    Sunday, December 25, 2016 12:01 AM