Mixed versus Native Mode Windows 2000 Domain Ports

Choosing between native and mixed mode for a Windows 2000 domain involves
much more than whether NT BDCs can be used. If you have firewalls within your
enterprise, you need to know which protocols and ports are used to communicate
between servers and clients in each mode.

Native mode ports and functions

PORTS               FUNCTION
TCP 53              DNS
UDP/TCP 389         LDAP
UDP/TCP 500         ISAKMP/Oakley negotiation traffic (IPSec)
UDP/TCP 636         LDAP (over TLS/SSL)
UDP 88              Kerberos
UDP/TCP 750, 751    Kerberos Authentication
UDP 752             Kerberos Password Server
UDP 753             Kerberos User Registration Server
TCP 522             User Location Store
TCP 754             Kerberos Slave Propagation
TCP 888             Logon and Environment Passing
TCP Dynamic         Directory Replication
TCP 2053            Kerberos de-multiplexor (Kerberos V4)
TCP 2105            Kerberos encrypted login
TCP 3268            Global Catalog
TCP 3269            Global Catalog

If you have NT clients or servers you will have to allow the above ports plus
the ports needed for mixed mode domains:

PORTS                     FUNCTION
UDP: 53                   DNS Resolution
UDP: 67, 68               DHCP Lease
UDP: 137, 138             Browsing
UDP: 137, 138/TCP: 139    Logon Sequence
UDP: 137, 138/TCP: 139    Pass-Through Validation
UDP: 137, 138/TCP: 139    Printing
UDP: 137, 138/TCP: 139    Trusts
UDP: 137, 138/TCP: 139    WinNT Secure Channel
UDP: 138/TCP: 139         Directory Replication
UDP: 138                  NetLogon
TCP: 42                   WINS Replication
TCP: 135                  DHCP Manager, DNS Administration, WINS Manager
TCP: 137                  WINS Registration
TCP: 139                  Event Viewer, File Sharing, Performance Monitor,
                          Registry Editor, Server Manager, User Manager,
                          WinNT Diagnostics
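
Added example (not part of the original page): a Python sketch that parses the port entries from both tables above and audits a firewall allow-list against them, reporting required ports that are missing and open ports that the tables only justify when NT clients or servers are present. The function names and the sample rule list are constructed for illustration; "TCP Dynamic" has no fixed port number, so it is tracked but excluded from the comparison.

```python
import re

# Port cells copied from the page's two tables (function column omitted).
NATIVE = ["TCP 53", "UDP/TCP 389", "UDP/TCP 500", "UDP/TCP 636", "UDP 88",
          "UDP/TCP 750, 751", "UDP 752", "UDP 753", "TCP 522", "TCP 754",
          "TCP 888", "TCP Dynamic", "TCP 2053", "TCP 2105", "TCP 3268",
          "TCP 3269"]
MIXED_EXTRA = ["UDP: 53", "UDP: 67, 68", "UDP: 137, 138",
               "UDP: 137, 138/TCP: 139", "UDP: 138/TCP: 139", "UDP: 138",
               "TCP: 42", "TCP: 135", "TCP: 137", "TCP: 139"]

# One group = slash-separated protocols, optional colon, then a port list.
SPEC = re.compile(r"((?:UDP|TCP)(?:/(?:UDP|TCP))*):?\s*(Dynamic|\d+(?:,\s*\d+)*)")

def parse_spec(spec):
    """Turn one table cell into a set of (protocol, port) pairs."""
    pairs = set()
    for protos, ports in SPEC.findall(spec):
        for proto in protos.split("/"):
            if ports == "Dynamic":
                pairs.add((proto, "dynamic"))  # no fixed number to filter on
            else:
                pairs.update((proto, int(p)) for p in ports.split(","))
    return pairs

def port_set(specs):
    """Union of all (protocol, port) pairs in a list of table cells."""
    return set().union(*(parse_spec(s) for s in specs))

def audit(rules, nt_systems_present):
    """Compare an allow-list of (protocol, port) pairs with the tables.
    Returns (missing, unjustified); dynamic entries are left out because
    they cannot be matched by port number."""
    required = port_set(NATIVE)
    if nt_systems_present:
        required |= port_set(MIXED_EXTRA)
    fixed = {r for r in required if r[1] != "dynamic"}
    return sorted(fixed - rules), sorted(rules - fixed)

# Constructed sample allow-list (hypothetical, not from the page): native
# ports minus TCP 3269, plus two ports left over from the mixed-mode table.
SAMPLE_RULES = {r for r in port_set(NATIVE) if r[1] != "dynamic"}
SAMPLE_RULES = (SAMPLE_RULES - {("TCP", 3269)}) | {("TCP", 139), ("UDP", 137)}

if __name__ == "__main__":
    missing, unjustified = audit(SAMPLE_RULES, nt_systems_present=False)
    print("missing:", missing)
    print("open without NT systems:", unjustified)
```

Run the audit with nt_systems_present=True while NT systems remain, and with False once they are gone, to list the mixed-mode ports that can then be closed.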