In the previous 9 articles I shared with you how to build a Windows Server 2008 DC and some applications of Core mode. When we deploy infrastructure services for an enterprise, Windows Server 2008 starts with Windows Firewall enabled for safety, and many enterprises also deploy a separate security product (such as ISA). To deploy these products well, we need to understand the Active Directory services and the network connection ports on the DC, so that the necessary ports can be opened on the firewall product and legitimate business users can connect to the services in a timely manner.
Network connection ports on the DC: here I explain the port numbers that domain-related application services open on DCs for domain users and member computers.
Let's look specifically at which services are available and which ports are open:
First, open the DNS management tool on a DC and expand the domain name in the forward lookup zone (the wgs.com domain is used as the example here). It contains both the _tcp and _udp nodes with their SRV resource records. Viewing these SRV resource records shows the connection ports opened by the Active Directory-related services on the DC:
A. Select _tcp to view the TCP ports that Active Directory-related services open on the DC.
B. You can see _ldap (TCP 389), _kpasswd (TCP 464), _kerberos (TCP 88) and _gc (TCP 3268).
C. Select _udp to view the UDP ports that Active Directory-related services open on the DC.
D. You can see _kerberos (UDP) and _kpasswd (UDP 464).
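The same SRV records can be read from the command line and turned into a checklist for the firewall rules. The script below is an added example, not part of the original article. It assumes it runs on a domain member or management workstation that has the Resolve-DnsName and Test-NetConnection cmdlets (Windows 8.1 / Server 2012 R2 or later) and uses the article's wgs.com domain.

```powershell
# Added example: list the ports advertised by the DC's SRV records for the
# domain and check from this machine whether the TCP ones are reachable.
# Assumption: Resolve-DnsName and Test-NetConnection are available here.
$Domain = 'wgs.com'   # example domain used in the article

# SRV record names shown under _tcp and _udp in the forward lookup zone
$Services = @(
    @{ Name = '_ldap';     Protocol = 'tcp' },
    @{ Name = '_kerberos'; Protocol = 'tcp' },
    @{ Name = '_kpasswd';  Protocol = 'tcp' },
    @{ Name = '_gc';       Protocol = 'tcp' },
    @{ Name = '_kerberos'; Protocol = 'udp' },
    @{ Name = '_kpasswd';  Protocol = 'udp' }
)

$Results = foreach ($svc in $Services) {
    $query = '{0}._{1}.{2}' -f $svc.Name, $svc.Protocol, $Domain

    # Keep only SRV answers; the additional section may also carry A/AAAA records
    $answers = Resolve-DnsName -Name $query -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }

    if (-not $answers) {
        [pscustomobject]@{ Record = $query; Target = $null
                           Protocol = $svc.Protocol.ToUpper(); Port = $null
                           Reachable = 'no SRV record' }
        continue
    }

    foreach ($srv in $answers) {
        # Test-NetConnection only performs a TCP connect, so UDP is listed but not probed
        $reachable = 'not tested (UDP)'
        if ($svc.Protocol -eq 'tcp') {
            $reachable = (Test-NetConnection -ComputerName $srv.NameTarget `
                -Port $srv.Port -WarningAction SilentlyContinue).TcpTestSucceeded
        }
        [pscustomobject]@{ Record = $query; Target = $srv.NameTarget
                           Protocol = $svc.Protocol.ToUpper(); Port = $srv.Port
                           Reachable = $reachable }
    }
}

# One row per DC and port: the list the firewall rules have to cover
$Results | Sort-Object Protocol, Port, Target | Format-Table -AutoSize
```

A row whose Reachable column is False means a firewall between this machine and the DC is blocking a port that the DC advertises in DNS.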