Mixed versus Native Mode Windows 2000 Domain Ports

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Mixed versus Native Mode Windows 2000 Domain is more that presence of NT domain controllers.

Native vs mixed mode Windows 2000 domains involve much more that whether NT BDC can be used. If you have firewalls within your enterprise you need to know what protocols and ports are used to communicate between servers and clients in each mode.

Native mode ports and functions

PORTS FUNCTION
TCP 53 DNS
UDP/TCP 389 LDAP
UDP/TCP 500 ISAKMP/Oakley negotiation traffic (IPSec)
UDP/TCP 636 LDAP (over TLS/SSL)
UDP 88 Kerberos
UDP/TCP 750, 751 Kerberos Authentication
UDP 752 Kerberos Password Server
UDP 753 Kerberos User Registration Server
TCP 522 User Location Store
TCP 754 Kerberos Slave Propagation
TCP 888 Logon and Environment Passing
TCP Dynamic Directory Replication
TCP 2053 Kerberos de-multiplexor (Kerberos V4)
TCP 2105 Kerberos encrypted login
TCP 3268 Global Catalog
TCP 3269 Global Catalog

If you have NT clients or servers you will have to allow the above ports plus the ports needed for mixed mode domains:

PORTS FUNCTION
UDP: 53 DNS Resolution
UDP: 67, 68 DHCP Lease
UDP: 137, 138 Browsing
UDP: 137, 138/TCP: 139 Logon Sequence
UDP: 137, 138/TCP: 139 Pass-Through Validation
UDP: 137, 138/TCP: 139 Printing
UDP: 137, 138/TCP: 139 Trusts
UDP: 137, 138/TCP: 139 WinNT Secure Channel
UDP: 138/TCP: 139 Directory Replication
UDP: 138 NetLogon
TCP: 42 WINS Replication
TCP: 135 DHCP Manager, DNS Administration, WINS Manager
TCP: 137 WINS Registration
TCP: 139 Event Viewer, File Sharing, Performance Monitor,
Registry Editor, Server Manager, User Manager,
WinNT Diagnostics
Related tips:

See Also

Featured Links