Tutek_OLD
New Member
April 7, 2021
Question

Service group "Windows AD"


Hi,

If I configure access from the LAN to the VLAN where my DC is located, should I select only the service group named "Windows AD" in the firewall?

Is this enough to have access to all the services needed for my Windows domain controller, like signing in users, joining computers, NTP, etc.?

    2 replies

    cvandestoc
    New Member
    May 21, 2021

    Hello,

     

    Did you find an answer to your question? I am in the same situation.

     

    Please let me know if you have tested and validated this solution.

     

    Thanks

    cvandestoc
    New Member
    May 21, 2021

    Hello,

     

    For information, the Windows AD service group contains the following services (see the attached file windows_AD).

     

    I think you have to add NTP if you want NTP services.

    I think with these services the authentication will work fine, but I would prefer a confirmation, especially for when a user changes their password after password expiration in Active Directory.

     

    I'm not sure SMB/Samba is necessary for authentication, but you can keep it.

    cvandestoc
    New Member
    May 25, 2021

    Hello, 

    I found one more piece of information: in the Windows AD group, you have to open port 464 on UDP and TCP (it's for Kerberos change/set password). Before that, check whether it is already open in the Kerberos service.

     

    Best regards.