Campus Active Directory - Firewall and Network Information
Firewalls should be configured to allow traffic to and from the Campus Active Directory domain controllers.
Domain Controller Information
The Campus Active directory's production domain is: ad.wisc.edu
The domain controller IP addresses for each domain are:
| ad.wisc.edu | |||
| CADSDC-PROD-01.ad.wisc.edu | 144.92.104.44 | ||
| CADSDC-PROD-02.ad.wisc.edu | 144.92.74.87 | ||
| CADSDC-PROD-03.ad.wisc.edu | 144.92.104.17 | ||
| CADSDC-PROD-04.ad.wisc.edu | 144.92.74.63 | ||
| CADSDC-PROD-05.ad.wisc.edu | 144.92.104.18 | ||
| CADSDC-PROD-06.ad.wisc.edu | 144.92.74.69 | ||
Common Ports Used by Active Directory
Active Directory makes use of several ports, so it is easier to allow all traffic from the domain controllers, which should not pose a significant security risk (especially considering that the service can only be accessed via the campus network). However, if you want to restrict communication to specific ports, here is a list of commonly used ports in Active Directory:
| Service Name | Ports |
|---|---|
| RPC endpoint mapper | 135/TCP, 135/UDP |
| RPC dynamic assignment | 1024-65535/TCP |
| IKE, Internet Key Exchange | 500/UDP |
| IPSec over TCP | 4500/TCP |
| IPSec ESP, Encapsulated Security Payload | IP protocol 50 |
| SMB over IP (Microsoft-DS) | 445/TCP, 445/UDP |
| LDAP | 389/TCP |
| LDAP over SSL | 636/TCP |
| Global catalog LDAP over SSL | 3269/TCP |
| Kerberos | 88/TCP, 88/UDP |
| Kpassd | 464/TCP, 464/UDP |
| Domain Name Service (DNS) | 53/TCP, 53/UDP |
| AD Web Service | 9389/TCP |
Network Connectivity
The Campus Active Directory service can only be accessed within the campus network or the WiscVPN service. Exceptions to this rule cannot be made.