Google IT Solutions: September 2014

Thursday 4 September 2014

Cloud Domain Controller for Branch office

Plan for Cloud Domain Controller.

Setup Remote Domain Controller via Direct access
Following Ports need to be opened in Firewall or Router on both side.
  • NAT Local IP of Domain Controller to Public IP or Internet IP
  • A domain name will be register on godaddy.com or register.com or etc
  • Additional Domain Controller will be setup in branch office and both Server will replicate to each other
  • UDP Port 88 for Kerberos authentication
  • TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.
  • TCP Port 139 and UDP 138 for File Replication Service between domain controllers.
  • UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
  • TCP Port 445 for File Replication Service
  • TCP Port 464 for Kerberos Password Change
  • TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
  • TCP Port 53 for DNS from client to domain controller and domain controller to domain controller.
Opening above ports in Firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.

Setup Remote Domain Controller via VPN.

A best solution to secure your domain traffic is Site-to-Site VPN.

  • On both side site-to-site vpn will create
  • No need to purchase or register a domain name from godaddy or register.com etc.
  • If a firewall installed in Cloud then need to allow ports in firewall to communicate Domain Server and Client machines.
  • UDP Port 88 for Kerberos authentication
  • TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.
  • TCP Port 139 and UDP 138 for File Replication Service between domain controllers.
  • UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
  • TCP Port 445 for File Replication Service
  • TCP Port 464 for Kerberos Password Change
  • TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
  • TCP Port 53 for DNS from client to domain controller and domain controller to domain controller.