Campus Active Directory - Firewall and Network Information

Firewalls should be configured to allow traffic to and from the Campus Active Directory domain controllers.

Domain Controller Information

The Campus Active Directory's production domain is: ad.wisc.edu

The domain controller IP addresses for each domain are:

ad.wisc.edu


  CADSDC-PROD-01.ad.wisc.edu 144.92.104.44  
  CADSDC-PROD-02.ad.wisc.edu 144.92.74.87  
  CADSDC-PROD-03.ad.wisc.edu 144.92.104.17  
  CADSDC-PROD-04.ad.wisc.edu 144.92.74.63  
  CADSDC-PROD-05.ad.wisc.edu 144.92.104.18  
  CADSDC-PROD-06.ad.wisc.edu 144.92.74.69  


Common Ports Used by Active Directory

Active Directory makes use of several ports, so it is easier to allow all traffic from the domain controllers, which should not pose a significant security risk (especially considering that the service can only be accessed via the campus network). However, if you want to restrict communication to specific ports, here is a list of commonly used ports in Active Directory:

Service Name                                Ports
RPC endpoint mapper                         135/TCP, 135/UDP
RPC dynamic assignment                      1024-65535/TCP
IKE, Internet Key Exchange                  500/UDP
IPSec over TCP                              4500/TCP
IPSec ESP, Encapsulated Security Payload    IP protocol 50
SMB over IP (Microsoft-DS)                  445/TCP, 445/UDP
LDAP                                        389/TCP
LDAP over SSL                               636/TCP
Global catalog LDAP over SSL                3269/TCP
Kerberos                                    88/TCP, 88/UDP
Kpassd                                      464/TCP, 464/UDP
Domain Name Service (DNS)                   53/TCP, 53/UDP
AD Web Service                              9389/TCP
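
For sites that choose the per-port approach, the following added example (not part of the original document) audits a restrictive allow-list against the domain controller addresses and port table above and reports every required service the rules fail to permit. The rule tuple format, the function names and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Domain controller addresses and port table, copied from this page.
DCS = ["144.92.104.44", "144.92.74.87", "144.92.104.17",
       "144.92.74.63", "144.92.104.18", "144.92.74.69"]
BOTH = ("tcp", "udp")
REQUIRED = {  # service -> (protocols, first port, last port)
    "RPC endpoint mapper": (BOTH, 135, 135),
    "RPC dynamic assignment": (("tcp",), 1024, 65535),
    "IKE": (("udp",), 500, 500),
    "IPSec over TCP": (("tcp",), 4500, 4500),
    "IPSec ESP": (("esp",), 0, 0),  # IP protocol 50 has no ports
    "SMB over IP": (BOTH, 445, 445),
    "LDAP": (("tcp",), 389, 389),
    "LDAP over SSL": (("tcp",), 636, 636),
    "Global catalog LDAP over SSL": (("tcp",), 3269, 3269),
    "Kerberos": (BOTH, 88, 88),
    "Kpassd": (BOTH, 464, 464),
    "DNS": (BOTH, 53, 53),
    "AD Web Service": (("tcp",), 9389, 9389),
}

def covered(rules, dc, proto, lo, hi):
    """True if the allow rules together permit every port lo..hi to dc."""
    addr = ipaddress.ip_address(dc)
    spans = sorted((r_lo, r_hi) for net, r_proto, r_lo, r_hi in rules
                   if r_proto == proto and addr in ipaddress.ip_network(net))
    need = lo  # lowest port not yet known to be allowed
    for r_lo, r_hi in spans:
        if r_lo > need:
            return False  # gap: port `need` is not allowed by any rule
        need = max(need, r_hi + 1)
        if need > hi:
            return True
    return False

def audit(rules):
    """Return sorted (dc, service, protocol) triples the rules do not allow."""
    return sorted((dc, svc, proto) for dc in DCS
                  for svc, (protos, lo, hi) in REQUIRED.items()
                  for proto in protos if not covered(rules, dc, proto, lo, hi))

# Constructed sample allow-list: (destination, protocol, first port, last port).
TCP = [(53, 53), (88, 88), (135, 135), (389, 389), (445, 445), (464, 464),
       (636, 636), (1024, 4000), (4001, 65535)]
UDP = [(53, 53), (88, 88), (135, 135), (445, 445), (464, 464), (500, 500)]
SAMPLE_RULES = [(dc + "/32", proto, lo, hi) for dc in DCS[:5]  # DC 06 left out
                for proto, spans in (("tcp", TCP), ("udp", UDP))
                for lo, hi in spans]
```

Running `audit(SAMPLE_RULES)` flags the missing ESP rule on the first five domain controllers and every service on the sixth, which the sample list omits entirely.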

Network Connectivity

The Campus Active Directory service can only be accessed from within the campus network or through the WiscVPN service. Exceptions to this rule cannot be made.




Keywords: campus active directory ad microsoft ad.wisc.edu adtest.wisc.edu firewall port rule rules exception ip address hostname
Doc ID: 12329
Owner: MST Support .
Group: Identity and Access Management
Created: 2009-09-30 19:00 CDT
Updated: 2022-05-12 10:55 CDT
Sites: DoIT Help Desk, Identity and Access Management