If it was being blocked by the Firewall then the Firewall would be telling
them what is being dropped... then they would see right in front of them
what "requirement" is being rejected.
The reality is that this should be a private connection.
VPN counts as private on the *inside* of the Tunnel.
Private Traffic (or traffic *inside* the Tunnel) should not be "firewalled".
The most likely cause of this is a DNS issue and not a "firewall" issue.
You need to do Zone Transfers so that the AD/DNS Zone of each Location has a
copy of itself on the opposite side. The DNS on each side should not be
referencing each other on the TCP/IP Settings.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
"PMC1" <(E-Mail Removed)> wrote in message
news:0897feab-25ad-4ad7-83fc-(E-Mail Removed)...
> Hi,
>
> I manage a small network which is connected via a one way incoming
> Trust to our head office. The link between our offices is controlled
> via a head office managed firewall. The head office server team is
> having some difficulty adding security groups created in our domain
> (subdomain.bz) to ACLs for various shared folders on Server in the
> head office domain (hodomain.bz). The reason for this difficulty is
> they are unable to connect to our main DC to pull down our AD
> information. I believe the problem is with the Firewall configuration
> as I'm fairly confident the DNS is working fine on both sides and
> they can see our SRV records and resolve our DC's IP.
>
> My question is, if I try to access the Active Directory of an external
> domain what network traffic should be passed by both parties. I need
> specific information as I want to send this to the team that manage
> the firewall to ensure the correct ports are open.
>
> Note 1: Both domains are Windows 2000 Native with Windows 2003 servers
> holding all FSMO roles.
> Note 2: I am able to access all remote resources where AD
> authentication is not required (e.g. SAP)
>
> Thanks for any advice on this
>
> PC
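
One way to separate the two explanations raised in this thread (DNS versus filtering on the link) is to check them in order from the head office side. This is an added example, not part of the original posts; the port list is not from the thread but is the well-known set of TCP services on a domain controller, and the script assumes a Windows machine with the `Resolve-DnsName` and `Test-NetConnection` cmdlets.

```powershell
# Added example. Assumption: run on a head office machine that has the
# Resolve-DnsName and Test-NetConnection cmdlets.
param([string]$Domain = 'subdomain.bz')   # domain name taken from the thread

# Well-known TCP services on a domain controller. RPC also uses a dynamically
# assigned port handed out via 135, which this script does not probe.
$services = @(
    @{ Port = 53;   Name = 'DNS' },
    @{ Port = 88;   Name = 'Kerberos' },
    @{ Port = 135;  Name = 'RPC endpoint mapper' },
    @{ Port = 389;  Name = 'LDAP' },
    @{ Port = 445;  Name = 'SMB' },
    @{ Port = 3268; Name = 'Global Catalog' }
)

# Step 1: DNS. Can this side locate a DC for the other domain?
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $dcs = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
    return
}
if (-not $dcs) { Write-Warning "No SRV records returned for $srvName"; return }

# Step 2: for each DC named in DNS, resolve its address, then probe the ports.
$results = foreach ($dc in $dcs) {
    try {
        Resolve-DnsName -Name $dc -Type A -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "DNS: SRV target $dc has no resolvable address"
        continue
    }
    foreach ($svc in $services) {
        $probe = Test-NetConnection -ComputerName $dc -Port $svc.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC = $dc; Port = $svc.Port; Service = $svc.Name
            Open = $probe.TcpTestSucceeded
        }
    }
}
$results | Format-Table -AutoSize

# Ports that resolve but do not connect are filtered or not listening.
$closed = @($results | Where-Object { -not $_.Open })
if ($closed.Count) {
    'Not reachable: ' + (($closed | ForEach-Object { "$($_.DC):$($_.Port)" }) -join ', ')
}
```

A failure in step 1 points at name resolution between the two sides; a clean step 1 with entries in the "Not reachable" line gives the firewall team a concrete list to compare against their drop logs.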