D.0 Network Ports Used by DSfW

This section lists the network ports on which DSfW services listen for incoming network traffic. These ports are configured automatically after the DSfW installation.

Table D-1 Services and Network Ports used by DSfW

| Service | Port / Protocol |
|---|---|
| Microsoft-DS traffic | 445/TCP, 445/UDP |
| LDAP | 389/TCP (or 636/TCP if using SSL) |
| LDAP Ping | 389/UDP |
| Kerberos | 88/TCP, 88/UDP |
| DNS | 53/TCP, 53/UDP |
| RPC Endpoint Manager | 135/TCP, 135/UDP |
| RPC Dynamic Assignments | 1024 - 65535/TCP |
| Global Catalog LDAP | 3268/TCP |
| Global Catalog LDAP over SSL | 3269/TCP |
| Network Time Protocol | 123/UDP |
| NetBIOS Name Service | 137/TCP, 137/UDP |
| NetBIOS Datagram Service | 138/TCP, 138/UDP |
| NetBIOS Session Service | 139/TCP, 139/UDP |
| Domain Service Daemon | 8025/TCP |

The RPC dynamic assignment rule allows inbound traffic on any port above 1023. A firewall that permits this provides very little protection, so there is very little reason to enable one. However, you can force xadsd to use a specific port by using the -p option. Otherwise, RPC ports are ephemeral.
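The following audit sketch is an added example, not part of the original documentation. It classifies the listeners in `ss -tuln` output against Table D-1 and shows why pinning the xadsd RPC port matters: without a pinned port, any TCP listener above 1023 is indistinguishable from a legitimate RPC dynamic assignment. The sample output and the pinned port value 49152 are constructed for illustration.

```python
# Table D-1 listening ports by protocol (636/TCP covers LDAP over SSL).
TABLE_D1 = {
    "tcp": {53, 88, 135, 137, 138, 139, 389, 445, 636, 3268, 3269, 8025},
    "udp": {53, 88, 123, 135, 137, 138, 139, 389, 445},
}

# Constructed sample of `ss -tuln` output; not captured from a real DSfW server.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:389        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:88         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:49152      0.0.0.0:*
tcp   LISTEN 0      128    [::]:8080          [::]:*
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (proto, port) for each tcp/udp socket line in `ss -tuln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in TABLE_D1:
            continue  # header line or a socket type outside Table D-1
        # Port follows the last colon, which also handles IPv6 forms like [::]:445.
        port = fields[4].rsplit(":", 1)[-1]
        if port.isdigit():
            yield fields[0], int(port)

def audit(ss_output, pinned_rpc_port=None):
    """Sort listeners into expected, rpc_dynamic (unverifiable) and unexpected.

    pinned_rpc_port is the port assumed to have been given to xadsd with -p.
    """
    report = {"expected": set(), "rpc_dynamic": set(), "unexpected": set()}
    for proto, port in parse_listeners(ss_output):
        if port in TABLE_D1[proto] or (proto == "tcp" and port == pinned_rpc_port):
            bucket = "expected"
        elif proto == "tcp" and port >= 1024 and pinned_rpc_port is None:
            bucket = "rpc_dynamic"  # falls inside the 1024 - 65535/TCP rule
        else:
            bucket = "unexpected"
        report[bucket].add((proto, port))
    return report

if __name__ == "__main__":
    for pinned in (None, 49152):
        print("pinned RPC port:", pinned)
        for bucket, socks in audit(SAMPLE_SS, pinned).items():
            print(f"  {bucket}: {sorted(socks)}")
```

With no pinned port, 8080/TCP lands in the same bucket as the real RPC listener; with the port pinned, it is reported as unexpected.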

After restarting the DNS server, refer to Section 8.0, Activities After DSfW Installation or Provisioning to verify that eDirectory and DSfW have been installed and configured correctly.

IMPORTANT: After you install a DSfW server into a partition in which you want to configure a domain, the DSfW server holds the master replica of that partition. This is required because the master replica holds the FSMO roles for the domain.