Required communication ports

The following table lists the ports that you must open on the firewall to allow communication from a writeable domain controller in the corporate network to the RODC in the perimeter network, along with the type of traffic that is used on these ports.

Note

For more information about configuring file replication through a specific static port see the Microsoft support article, (https://go.microsoft.com/fwlink/? LinkId=149419)

The following table below lists the ports that you must open on the firewall to allow communication from the RODC in the perimeter network to a writeable domain controller in the corporate network, along with the type of traffic that is used on these ports.

Note

For more information about configuring Active Directory replications through a specific port see the Microsoft support article, (https://go.microsoft.com/fwlink/? LinkID=133489)

The following table lists the ports that you must open on the firewall to allow communication between the member servers in the perimeter network and the RODC in the perimeter network, along with the type of traffic that is used on these ports. You must open these ports only if there is an internal firewall that separates your member servers in the perimeter network from the RODC in the perimeter network.

Note

If you are using Windows Server 2003 in the perimeter network, you must also open port UDP 88 for Kerberos communication. In contrast, by default Windows Server 2008 uses only port TCP 88 for Kerberos communication.