articles/azure-netapp-files/understand-guidelines-active-directory-domain-service-site.md
Lines changed: 21 additions & 19 deletions
Original file line number
Diff line number
Diff line change
@@ -37,29 +37,31 @@ Ensure that you meet the following requirements about network topology and confi
37
37
* Ensure that AD DS domain controllers have network connectivity from the Azure NetApp Files delegated subnet hosting the Azure NetApp Files volumes.
38
38
* Peered virtual network topologies with AD DS domain controllers must have peering configured correctly to support Azure NetApp Files to AD DS domain controller network connectivity.
39
39
* Network Security Groups (NSGs) and AD DS domain controller firewalls must have appropriately configured rules to support Azure NetApp Files connectivity to AD DS and DNS.
40
-
* Ensure that the latency is less than 10 ms RTT between Azure NetApp Files and AD DS domain controllers.
40
+
* Ensure that the network latency is less than 10 ms RTT between Azure NetApp Files and AD DS domain controllers.
41
+
42
+
For more information on Microsoft Active Directory requirements for network latency over a WAN, see
43
+
[Creating a Site Design](/windows-server/identity/ad-ds/plan/creating-a-site-design).
41
44
42
45
The required network ports are as follows:
43
46
44
-
| Service |Port|Protocol|
47
+
| Service |Ports|Protocols|
45
48
| -- | - | - |
46
-
|AD Web Services | 9389 | TCP |
47
-
| DNS*| 53 | TCP |
48
-
| DNS*| 53 | UDP |
49
-
| ICMPv4 | N/A | Echo Reply |
50
-
| Kerberos | 464 | TCP |
51
-
| Kerberos | 464 | UDP |
52
-
| Kerberos | 88 | TCP |
53
-
| Kerberos | 88 | UDP |
54
-
| LDAP | 389 | TCP |
55
-
| LDAP | 389 | UDP |
56
-
| LDAP | 389 | TLS |
57
-
| LDAP | 3268 | TCP |
58
-
| NetBIOS name | 138 | UDP |
59
-
| SAM/LSA | 445 | TCP |
60
-
| SAM/LSA | 445 | UDP |
61
-
62
-
*DNS running on AD DS domain controller
49
+
| ICMPv4 (ping) | N/A | Echo Reply |
50
+
| DNS*| 53 | TCP, UDP |
51
+
| Kerberos | 88 | TCP, UDP |
52
+
| NetBIOS Datagram Service | 138 | UDP |
53
+
| NetBIOS | 139 | UDP |
54
+
| LDAP**| 389 | TCP, UDP |
55
+
| SAM/LSA/SMB | 445 | TCP, UDP |
56
+
| Kerberos (kpasswd) | 464 | TCP, UDP |
57
+
| Active Directory Global Catalog | 3268 | TCP |
58
+
| Active Directory Secure Global Catalog | 3269 | TCP |
59
+
| Active Directory Web Service | 9389 | TCP |
60
+
61
+
\* Active Directory DNS only
62
+
63
+
64
+
\*\* LDAP over SSL (port 636) isn't currently supported. Instead, use [LDAP over StartTLS](configure-ldap-over-tls.md) (port 389) to encrypt LDAP traffic.
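Review bot: the added row `| NetBIOS | 139 | UDP |` pairs port 139 with UDP, but 139 is the NetBIOS Session Service, which runs over TCP (the datagram service on 138/UDP is already covered by the row above it). An NSG or firewall rule written from this table would open the wrong protocol, so change the protocol to TCP and name the row "NetBIOS Session Service" to match the 138 row. Separately, the new `| Active Directory Secure Global Catalog | 3269 | TCP |` row is the global catalog over SSL, while the `**` footnote says LDAP over SSL (port 636) isn't currently supported. Please confirm that 3269 is actually used and say so in a footnote, or drop the row so readers don't open a port that is never needed. Minor: `Echo Reply` in the ICMPv4 row is a message type under a column now headed `Protocols`, and the change adds runs of consecutive blank lines (new lines 41-42 and 62-64) where one would do.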