Data replication problem between AD domain controllers

  • Question

  • Background: the company has deployed three Windows 2012 R2 domain controllers, two in Beijing and one in Xiamen.

    The two DCs in Beijing replicate normally between themselves, but the user data on the DC deployed in Xiamen is not in sync with the two in Beijing. We now suspect that some ports on the firewall have not been opened. Which ports need to be opened for inter-DC replication traffic, and how can we verify that a port is open?

    Roughly which AD event log IDs relate to this?


    • Edited by smalfish, November 14, 2019, 2:18
    November 14, 2019, 2:09

Answer

  • Hello!

     For communication between DCs we need to open the following ports:

    Protocol and Port      | AD and AD DS Usage                                                            | Type of traffic
    -----------------------|-------------------------------------------------------------------------------|------------------------------------------------------------
    TCP and UDP 389        | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP
    TCP 636                | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP SSL
    TCP 3268               | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC
    TCP 3269               | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC SSL
    TCP and UDP 88         | User and Computer Authentication, Forest Level Trusts                          | Kerberos
    TCP and UDP 53         | User and Computer Authentication, Name Resolution, Trusts                      | DNS
    TCP and UDP 445        | Replication, User and Computer Authentication, Group Policy, Trusts            | SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc
    TCP 25                 | Replication                                                                    | SMTP
    TCP 135                | Replication                                                                    | RPC, EPM
    TCP Dynamic            | Replication, User and Computer Authentication, Group Policy, Trusts            | RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS
    TCP 5722               | File Replication                                                               | RPC, DFSR (SYSVOL)
    UDP 123                | Windows Time, Trusts                                                           | Windows Time
    TCP and UDP 464        | Replication, User and Computer Authentication, Trusts                          | Kerberos change/set password
    UDP Dynamic            | Group Policy                                                                   | DCOM, RPC, EPM
    UDP 138                | DFS, Group Policy                                                              | DFSN, NetLogon, NetBIOS Datagram Service
    TCP 9389               | AD DS Web Services                                                             | SOAP
    UDP 67 and UDP 2535    | DHCP                                                                           | DHCP, MADCAP
    UDP 137                | User and Computer Authentication                                               | NetLogon, NetBIOS Name Resolution
    TCP 139                | User and Computer Authentication, Replication                                  | DFSN, NetBIOS Session Service, NetLogon

     

    https://docs.microsoft.com/zh-cn/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)?redirectedfrom=MSDN

      

    To check whether a port is open, you can use the PortQryUI tool.

    For the common events and their solutions, you can refer to the information listed on the left-hand side of the following link:

    https://support.microsoft.com/zh-cn/help/2023007/active-directory-replication-error-8456-or-8457-the-source-destination

    I hope the above information is helpful to you; have a pleasant day at work.

    Regards,

    Crystal



    2019年11月14日 4:52
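A PowerShell check of the ports in the table above, run from the Xiamen DC against the Beijing DCs, is added here as an example; it is not part of the original thread and not a Microsoft-supplied script, and the DC names in it are placeholders. It uses Test-NetConnection for the fixed TCP ports (PortQry, as recommended in the answer, works just as well), exercises UDP 53 and UDP 123 through DNS and w32tm because Test-NetConnection cannot probe UDP, and then asks AD itself with repadmin and the Directory Service event log. That last step matters because the "TCP Dynamic" row is the RPC ephemeral range (TCP 49152-65535 on Windows Server 2008 and later) that no per-port scan covers; a firewall that passes 135 but blocks the dynamic range shows up in repadmin as Win32 error 1722 "The RPC server is unavailable" and in the log as replication events 1925, 1311, 2042 or 1864.

```powershell
# Added example, not from the original thread. Run on the DC that is NOT receiving
# updates (Xiamen) against each replication partner (Beijing). Names are placeholders.
$PartnerDcs = @('BJ-DC01.corp.example.com', 'BJ-DC02.corp.example.com')   # assumed

# Fixed TCP ports from the table above (service labels are for the report only).
$TcpPorts = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    139  = 'NetBIOS session'
    389  = 'LDAP'
    445  = 'SMB'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global catalog'
    3269 = 'Global catalog SSL'
    9389 = 'AD Web Services'
}

function Test-DcTcpPorts {
    param([string]$Dc)
    foreach ($p in $TcpPorts.GetEnumerator()) {
        $r = Test-NetConnection -ComputerName $Dc -Port $p.Key -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC      = $Dc
            Port    = $p.Key
            Service = $p.Value
            Open    = $r.TcpTestSucceeded
        }
    }
}

foreach ($dc in $PartnerDcs) {
    Test-DcTcpPorts -Dc $dc | Format-Table -AutoSize

    # UDP cannot be probed by Test-NetConnection, so drive the protocols that use it:
    # UDP 53 via a DNS query sent directly to the partner, UDP 123 via a w32tm sample.
    Resolve-DnsName -Name $dc -Server $dc -Type A -ErrorAction Continue
    w32tm /stripchart /computer:$dc /samples:1 /dataonly
}

# The dynamic RPC range (TCP 49152-65535 on Server 2008 and later) cannot be checked
# port by port; a blocked range appears here as error 1722 against the Beijing partners.
repadmin /replsummary
repadmin /showrepl $env:COMPUTERNAME /errorsonly

# Replication events from the last 24 hours in this DC's Directory Service log:
# 1925 = failed to establish replication link, 1311 = KCC topology problem,
# 2042 / 1864 = too long since the partner last replicated.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service'
    Id        = 1925, 1311, 2042, 1864
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

Read the three outputs together: a closed port in the first table points at the firewall rule for that service, a clean table plus a 1722 from repadmin points at the dynamic RPC range (or at a partner whose name does not resolve from Xiamen, which Resolve-DnsName would already have shown), and the event list gives the IDs the question asked about for correlating with the KB article linked in the answer.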