Campus Active Directory - Firewall and Network Information
Firewalls should be configured to allow traffic to and from the Campus Active Directory domain controllers.
Domain Controller Information
The Campus Active Directory's production domain is: ad.wisc.edu
The domain controller IP addresses for each domain are:
ad.wisc.edu domain controller | IP address |
---|---|
CADSDC-PROD-01.ad.wisc.edu | 144.92.104.44 |
CADSDC-PROD-02.ad.wisc.edu | 144.92.74.87 |
CADSDC-PROD-03.ad.wisc.edu | 144.92.104.17 |
CADSDC-PROD-04.ad.wisc.edu | 144.92.74.63 |
CADSDC-PROD-05.ad.wisc.edu | 144.92.104.18 |
CADSDC-PROD-06.ad.wisc.edu | 144.92.74.69 |
Common Ports Used by Active Directory
Active Directory makes use of several ports, so it is easier to allow all traffic from the domain controllers, which should not pose a significant security risk (especially considering that the service can only be accessed via the campus network). However, if you want to restrict communication to specific ports, here is a list of commonly used ports in Active Directory:
Service Name | Ports |
---|---|
RPC endpoint mapper | 135/TCP, 135/UDP |
RPC dynamic assignment | 1024-65535/TCP |
IKE, Internet Key Exchange | 500/UDP |
IPSec over TCP | 4500/TCP |
IPSec ESP, Encapsulated Security Payload | IP protocol 50 |
SMB over IP (Microsoft-DS) | 445/TCP, 445/UDP |
LDAP | 389/TCP |
LDAP over SSL | 636/TCP |
Global catalog LDAP over SSL | 3269/TCP |
Kerberos | 88/TCP, 88/UDP |
Kpassd | 464/TCP, 464/UDP |
Domain Name Service (DNS) | 53/TCP, 53/UDP |
AD Web Service | 9389/TCP |
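
An added example (not part of the original page) for sites that restrict traffic to specific ports: it parses the port table above and names the listed service that a flow to a domain controller matches, so firewall log entries can be checked against the list. It assumes the listed ports are destination ports on the domain controllers; `parse_rules` and `classify` are names chosen for this example.

```python
import ipaddress
import re

# DC addresses and port table copied from this page; ports are assumed to be destination ports on the DCs.
DC_IPS = {ipaddress.ip_address(a) for a in (
    "144.92.104.44", "144.92.74.87", "144.92.104.17",
    "144.92.74.63", "144.92.104.18", "144.92.74.69")}

PORT_TABLE = """\
RPC endpoint mapper | 135/TCP, 135/UDP
RPC dynamic assignment | 1024-65535/TCP
IKE, Internet Key Exchange | 500/UDP
IPSec over TCP | 4500/TCP
IPSec ESP, Encapsulated Security Payload | IP protocol 50
SMB over IP (Microsoft-DS) | 445/TCP, 445/UDP
LDAP | 389/TCP
LDAP over SSL | 636/TCP
Global catalog LDAP over SSL | 3269/TCP
Kerberos | 88/TCP, 88/UDP
Kpassd | 464/TCP, 464/UDP
Domain Name Service (DNS) | 53/TCP, 53/UDP
AD Web Service | 9389/TCP
"""

def parse_rules(table):
    """Return [(service, proto, low, high)]; proto is 'tcp', 'udp' or 'ip50'."""
    rules = []
    for line in table.strip().splitlines():
        service, spec = (part.strip() for part in line.rsplit("|", 1))
        for item in spec.split(","):
            item = item.strip()
            m = re.fullmatch(r"(\d+)(?:-(\d+))?/(TCP|UDP)", item)
            if m:
                low = int(m.group(1))
                rules.append((service, m.group(3).lower(), low, int(m.group(2) or low)))
            elif item == "IP protocol 50":
                rules.append((service, "ip50", 0, 0))  # ESP has no port numbers
            else:
                raise ValueError(f"unrecognised port spec: {item!r}")
    return rules

RULES = parse_rules(PORT_TABLE)

def classify(dst_ip, proto, dport=0):
    """Name the listed service a flow to a DC matches, or None if it is not on the list."""
    if ipaddress.ip_address(dst_ip) not in DC_IPS:
        return None
    hits = [r for r in RULES if r[1] == proto.lower() and r[2] <= dport <= r[3]]
    return min(hits, key=lambda r: r[3] - r[2])[0] if hits else None
```

Matching picks the narrowest listed range, because the RPC dynamic range 1024-65535/TCP also contains 3269, 4500 and 9389.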
Network Connectivity
The Campus Active Directory service can only be accessed from within the campus network or through the WiscVPN service. Exceptions to this rule cannot be made.