Campus Active Directory - Firewall and Network Information

Firewalls should be configured to allow traffic to and from the Campus Active Directory domain controllers.

Domain Controller Information

The Campus Active Directory's production domain is:

The domain controller IP addresses for each domain are:  

Common Ports Used by Active Directory

Active Directory makes use of several ports, so it is easier to allow all traffic from the domain controllers, which should not pose a significant security risk (especially considering that the service can only be accessed via the campus network). However, if you want to restrict communication to specific ports, here is a list of commonly used ports in Active Directory:

Service Name                                Ports
RPC endpoint mapper                         135/TCP, 135/UDP
RPC dynamic assignment                      1024-65535/TCP
IKE, Internet Key Exchange                  500/UDP
IPSec over TCP                              4500/TCP
IPSec ESP, Encapsulated Security Payload    IP protocol 50
SMB over IP (Microsoft-DS)                  445/TCP, 445/UDP
LDAP over SSL                               636/TCP
Global catalog LDAP over SSL                3269/TCP
Kerberos                                    88/TCP, 88/UDP
Kpassd                                      464/TCP, 464/UDP
Domain Name Service (DNS)                   53/TCP, 53/UDP
AD Web Service                              9389/TCP
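
If you do restrict traffic to specific ports, it helps to check the resulting allow-list against the table above before deploying it. The following is an added example, not part of the original document: it reports which listed services an allow-list fails to cover. The `proto/port` rule syntax, the function names and the sample rules are assumptions constructed for illustration.

```python
# Added example: audit a firewall allow-list against the port table above.
# Entries are copied from that table; the "proto/port" rule syntax is assumed.
REQUIRED = [
    ("RPC endpoint mapper", "tcp", 135, 135), ("RPC endpoint mapper", "udp", 135, 135),
    ("RPC dynamic assignment", "tcp", 1024, 65535),
    ("IKE", "udp", 500, 500), ("IPSec over TCP", "tcp", 4500, 4500),
    ("IPSec ESP", "ip", 50, 50),  # an IP protocol number, not a port
    ("SMB over IP", "tcp", 445, 445), ("SMB over IP", "udp", 445, 445),
    ("LDAP over SSL", "tcp", 636, 636), ("Global catalog LDAP over SSL", "tcp", 3269, 3269),
    ("Kerberos", "tcp", 88, 88), ("Kerberos", "udp", 88, 88),
    ("Kpassd", "tcp", 464, 464), ("Kpassd", "udp", 464, 464),
    ("DNS", "tcp", 53, 53), ("DNS", "udp", 53, 53),
    ("AD Web Service", "tcp", 9389, 9389),
]

# Constructed sample allow-list (not taken from any real firewall).
SAMPLE_RULES = ["tcp/88", "udp/88", "tcp/53", "udp/53", "tcp/135",
                "tcp/445", "tcp/636", "tcp/3269", "tcp/49152-65535"]

def parse_rule(text):
    """Parse 'tcp/88', 'tcp/1024-65535' or 'ip/50' into (proto, low, high)."""
    proto, _, ports = text.strip().lower().partition("/")
    lo, _, hi = ports.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if proto not in ("tcp", "udp", "ip") or not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad rule: {text!r}")
    return proto, lo, hi

def uncovered(rules):
    """Return the REQUIRED entries that the allow rules do not fully cover."""
    allowed = {}
    for proto, lo, hi in map(parse_rule, rules):
        allowed.setdefault(proto, []).append((lo, hi))
    missing = []
    for name, proto, lo, hi in REQUIRED:
        need = lo  # lowest port in the required range not yet covered
        for a, b in sorted(allowed.get(proto, [])):
            if a <= need <= b:
                need = b + 1
        if need <= hi:  # a gap remains, so the range is only partly allowed
            missing.append((name, proto, lo, hi))
    return missing

if __name__ == "__main__":
    for name, proto, lo, hi in uncovered(SAMPLE_RULES):
        print(f"not fully allowed: {name} ({proto} {lo}-{hi})")
```

A required range counts as covered only when the allow rules span it completely, including when several adjacent or overlapping rules together cover it.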

Network Connectivity

The Campus Active Directory service can only be accessed within the campus network or the WiscVPN service. Exceptions to this rule cannot be made.

Keywords: campus active directory ad microsoft firewall port rule rules exception ip address hostname
Doc ID: 12329
Owner: MST Support
Group: Identity and Access Management
Created: 2009-09-30 19:00 CDT
Updated: 2022-05-12 10:55 CDT
Sites: DoIT Help Desk, Identity and Access Management