Our topology
fig 1. Skype for Business resource forest topology
One-way or two-way trust relationship?
 | One-way trust | Two-way trust |
---|---|---|
Adding users | Manual | Automatic |
Security | Optimal | Suboptimal: softapp can read users from your domain |
Security
Open the following ports in the firewall toward 192.168.184.0/24:
Client Port(s) | Server Port | Service |
---|---|---|
49152-65535/UDP | 123/UDP | W32Time |
49152-65535/TCP | 135/TCP | RPC Endpoint Mapper |
49152-65535/TCP | 464/TCP/UDP | Kerberos password change |
49152-65535/TCP | 49152-65535/TCP | RPC for LSA, SAM, Netlogon (*) |
49152-65535/TCP/UDP | 389/TCP/UDP | LDAP |
49152-65535/TCP | 636/TCP | LDAP SSL |
49152-65535/TCP | 3268/TCP | LDAP GC |
49152-65535/TCP | 3269/TCP | LDAP GC SSL |
53, 49152-65535/TCP/UDP | 53/TCP/UDP | DNS |
49152-65535/TCP | 49152-65535/TCP | FRS RPC (*) |
49152-65535/TCP/UDP | 88/TCP/UDP | Kerberos |
49152-65535/TCP/UDP | 445/TCP | SMB (**) |
49152-65535/TCP | 49152-65535/TCP | DFSR RPC (*) |
(*) For information about how to define RPC server ports that are used by the LSA RPC services, see the following Microsoft Knowledge Base articles:
- 224196: Restricting Active Directory replication traffic and client RPC traffic to a specific port
- "Domain controllers and Active Directory" section in 832017: Service overview and network port requirements for the Windows Server system
(**) This port is not required for the operation of the trust; it is used for trust creation only.
Note: For an external trust, 123/UDP is only needed if you have manually configured the Windows Time Service to sync with a server across the external trust.
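The port table and its footnotes can be used as an allow-list to audit the firewall rules that were actually configured. The following is an added example, not part of the original page: the function names and the sample rule set are constructed for illustration, and the three dynamic-range RPC rows are merged into one entry.

```python
import ipaddress

DEST_NET = ipaddress.ip_network("192.168.184.0/24")  # destination subnet from the page

# Server-side ports from the table above: (service, "ports/PROTO[/PROTO]", condition from the notes)
TABLE = [
    ("W32Time", "123/UDP", "only if time sync crosses the trust"),
    ("RPC Endpoint Mapper", "135/TCP", None),
    ("Kerberos password change", "464/TCP/UDP", None),
    ("RPC for LSA, SAM, Netlogon / FRS RPC / DFSR RPC", "49152-65535/TCP", None),
    ("LDAP", "389/TCP/UDP", None),
    ("LDAP SSL", "636/TCP", None),
    ("LDAP GC", "3268/TCP", None),
    ("LDAP GC SSL", "3269/TCP", None),
    ("DNS", "53/TCP/UDP", None),
    ("Kerberos", "88/TCP/UDP", None),
    ("SMB", "445/TCP", "trust creation only"),
]

def parse_spec(spec):
    """'464/TCP/UDP' -> (464, 464, {'tcp', 'udp'}); '49152-65535/TCP' -> (49152, 65535, {'tcp'})."""
    ports, *protos = spec.replace(" ", "").split("/")
    low, _, high = ports.partition("-")
    return int(low), int(high or low), {p.lower() for p in protos}

RULES = [(svc, *parse_spec(spec), cond) for svc, spec, cond in TABLE]

def classify(dst_ip, proto, dst_port):
    """Return ('allow' | 'conditional' | 'deny', reason) for one flow toward the resource forest."""
    if ipaddress.ip_address(dst_ip) not in DEST_NET:
        return "deny", "destination outside 192.168.184.0/24"
    for svc, low, high, protos, cond in RULES:
        if proto.lower() in protos and low <= dst_port <= high:
            return ("conditional", f"{svc}: {cond}") if cond else ("allow", svc)
    return "deny", "port/protocol not in the table"

def audit(firewall_rules):
    """List configured rules (dst_ip, proto, port) that the table does not justify unconditionally."""
    results = [(rule, *classify(*rule)) for rule in firewall_rules]
    return [r for r in results if r[1] != "allow"]

# Constructed sample rule set (hypothetical, not taken from a real firewall).
SAMPLE = [("192.168.184.10", "tcp", 389), ("192.168.184.10", "tcp", 445),
          ("192.168.184.10", "tcp", 3389), ("192.168.185.10", "tcp", 88)]

if __name__ == "__main__":
    for rule, verdict, reason in audit(SAMPLE):
        print(rule, verdict, reason)
```

Rules reported as `conditional` are candidates for removal once the trust has been created (445/TCP) or when time is not synchronised across the trust (123/UDP).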