Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

DCPROMO

1 view
Skip to first unread message

Sameer

unread,
Jan 8, 2010, 9:37:46 AM1/8/10
to
Does dcpromotion operation need any additional ports to be open on the
firewall than what are required for AD/FRS replication?


Florian Frommherz [MVP]

unread,
Jan 8, 2010, 9:37:51 AM1/8/10
to
Howdie!

Sameer schrieb:


> Does dcpromotion operation need any additional ports to be open on the
> firewall than what are required for AD/FRS replication?

I would suspect there being some other traffic (RPC traffic?) among the
domain controllers so chances are there is additional traffic between
them. It's not just replication traffic but advertising the new DC in
the directory. A test dcpromo of two DCs with a network sniffer should
reveal that pretty quickly.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.

Paul Bergson [MVP-DS]

unread,
Jan 8, 2010, 9:45:18 AM1/8/10
to

No. Check out an article I have on ports required.

Note this isn't accurate for 2008
http://www.pbbergs.com/windows/articles/FirewallReplication.html

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Sameer" <Sam...@live.com> wrote in message
news:%23ddsbAH...@TK2MSFTNGP06.phx.gbl...

Ace Fekay [MVP-DS, MCT]

unread,
Jan 8, 2010, 10:44:01 AM1/8/10
to
"Sameer" <Sam...@live.com> wrote in message
news:%23ddsbAH...@TK2MSFTNGP06.phx.gbl...
> Does dcpromotion operation need any additional ports to be open on the
> firewall than what are required for AD/FRS replication?
>

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.

There are numerous ports. It is best to have a VPN into the network instead
of opening all of the ports required, which essentially will Swiss cheese a
firewall. Paul's blog on this will help you with the ports required.

Ace Fekay [MVP-DS, MCT]

unread,
Jan 8, 2010, 10:44:18 AM1/8/10
to
"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:%23o6I0EH...@TK2MSFTNGP04.phx.gbl...

> No. Check out an article I have on ports required.
>
> Note this isn't accurate for 2008
> http://www.pbbergs.com/windows/articles/FirewallReplication.html
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>

I believe it applies to 2008, too. :-)

Ace

Paul Bergson [MVP-DS]

unread,
Jan 11, 2010, 8:18:44 AM1/11/10
to
The upper range has changed.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This


posting is provided "AS IS" with no warranties, and confers no rights.

"Ace Fekay [MVP-DS, MCT]" <ace...@mvps.RemoveThisPart.org> wrote in message
news:uBL1xlHk...@TK2MSFTNGP05.phx.gbl...

Ace Fekay [MVP-DS, MCT]

unread,
Jan 11, 2010, 12:32:32 PM1/11/10
to
"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:uyVibCsk...@TK2MSFTNGP02.phx.gbl...

> The upper range has changed.
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>

Thanks for the correction. I had that noted in my notes, however I
completely forgot! Here's a link on it for anyone interested.

The default dynamic port range for TCP/IP has changed in Windows Vista and
in Windows Server 2008
http://support.microsoft.com/?kbid=929851

Cheers!

Ace

Jorge Silva

unread,
Jan 11, 2010, 5:01:34 PM1/11/10
to
Hi
http://support.microsoft.com/kb/179442
http://support.microsoft.com/kb/832017


--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Sameer" <Sam...@live.com> wrote in message

news:#ddsbAHk...@TK2MSFTNGP06.phx.gbl...

0 new messages