windows域控服务器全部端口列表和说明

Windows2012R2企业域环境安装和配置域控制器防火域配置说明本文适用于企业级多域控环境中对硬件防火墙的配置概要：详细的域控需要开放的防火墙端口说明，如需要查阅端口清单，请下载本人百度文库中中一表格文件《域控防火墙端口清单》本文所推荐的端口是复杂域环境下，会涉及多种服务。目录客户端（PC）到域控的端口清单...........................................................................................3域控的端口清单.......................................................................................................................4ActiveDirectory（本地安全机构）.........................................................................................5计算机浏览器...........................................................................................................................5DHCP服务器...........................................................................................................................6分布式文件系统.......................................................................................................................6分布式文件系统复制...............................................................................................................6分布式链接跟踪服务器...........................................................................................................7分布式事务处理协调器...........................................................................................................7DNS服务器..............................................................................................................................7事件日志...................................................................................................................................8文件复制...................................................................................................................................8组策略.......................................................................................................................................8HTTPSSL....................................................................................................................................9Kerberos密钥发行中心..........................................................................................................9网络登录...................................................................................................................................9NetMeeting远程桌面共享...................................................................................................10远程过程调用(RPC)..............................................................................................................10远程过程调用(RPC)定位器................................................................................................11服务器.....................................................................................................................................11简单邮件传输协议(SMTP)...................................................................................................11SystemsManagementServer2.0...........................................................................................12终端服务.................................................................................................................................12WindowsInternet名称服务(WINS)....................................................................................12Windows时间.......................................................................................................................13万维网发布服务.....................................................................................................................13客户端（PC）到域控的端口清单应用程序协议协议端口ICMP(ping)ICMPDNSTCP53HTTPTCP80KerberosTCP88RPCTCP135NetBIOS名称解析TCP137NetBIOS数据报服务TCP138NetBIOS会话服务TCP139DC定位器TCP389SMBTCP445Kerberos密码V5TCP464LDAPSSLTCP636RPC随机分配的高TCP端口TCP1024-65535RPC随机分配的高TCP端口TCP49152-65535RPC随机分配的高UDP端口UDP1024-65535DNSUDP53DHCP服务器UDP67KerberosUDP88NTPUDP123RPCUDP135NetBIOS名称解析UDP137NetBIOS数据报服务UDP138NetBIOS会话服务UDP139DC定位器UDP389SMBUDP445Kerberos密码V5UDP464RPC随机分配的高UDP端口UDP49152-65535域控的端口清单应用程序协议协议端口ICMP(ping)ICMPSMTPTCP25WINS复制TCP42DNSTCP53HTTPTCP80KerberosTCP88RPCTCP135NetBIOS名称解析TCP137NetBIOS数据报服务TCP138NetBIOS会话服务TCP139DC定位器TCP389HTTPSTCP443SMBTCP445Kerberos密码V5TCP464RPCoverHTTPSTCP593LDAPSSLTCP636终端服务TCP3389RPCTCP5722ADDSWebServicesTCP9389RPC随机分配的高TCP端口TCP1024-65535全局编录服务器TCP32693268RPC随机分配的高TCP端口TCP49152-65535WINS复制UDP42DNSUDP53DHCP服务器UDP67KerberosUDP88NTPUDP123RPCUDP135NetBIOS名称解析UDP137NetBIOS数据报服务UDP138NetBIOS会话服务UDP139DC定位器UDP389SMBUDP445Kerberos密码V5UDP464IPsecISAKMPUDP500MADCAPUDP2535NAT-TUDP4500RPC随机分配的高UDP端口UDP49152-65535RPC随机分配的高UDP端口UDP1024-65535ActiveDirectory（本地安全机构）ActiveDirectory在LSASS进程下运行，它包括用于Windows2000和WindowsServer2003域控制器的身份验证引擎和复制引擎。除了1024和65535之间的某一范围的临时TCP端口外，域控制器、客户端计算机和应用程序服务器还需要通过特定硬编码端口与ActiveDirectory进行网络连接，除非使用隧道协议封装此通信。封装的解决方案可能在同时使用第2层隧道协议(L2TP)和IPsec的筛选路由器后面包含一个VPN网关。在此封装方案中，您必须允许IPsec封装式安全协议(ESP)（IP协议50）、IPsec网络地址转换器遍历NAT-T（UDP端口4500）以及IPsecInternet安全关联和密钥管理协议(ISAKMP)（UDP端口500）通过路由器，而不是打开下面列出的所有端口和协议。最后，可以按知识库中的以下文章中所述，对用于ActiveDirectory复制的端口进行硬编码：224196将ActiveDirectory复制流量限制在特定端口注意：L2TP流量不需要数据包筛选器，因为L2TP受IPSecESP保护。系统服务名称：LSASS应用程序协议协议端口全局编录服务器TCP3269全局编录服务器TCP3268LDAP服务器TCP389LDAP服务器UDP389L