Troubleshoot Active Directory communications issues

Active Directory (AD) is a complex product and requires a complex chain of communications for proper operation. There are a few basic, common sequences of communication:

• Logon traffic—This category includes computers logging on to the domain in addition to user logons.

• Ticket request traffic—This type of communication occurs whenever clients need to access a new domain resource.

• Replication traffic—This type of communication occurs periodically between domain controllers and involves both intra-site and inter-site replication.

Additional traffic can occur when clients attempt to look up cross-domain references by contacting a Global Catalog (GC) server. Clients might contact GCs for other reasons, such as during the logon process, to resolve Exchange 200x Address Book lookups, and more. Troubleshooting this traffic can be difficult. Kerberos traffic, for example, is always encrypted using temporary encryption keys established between the Key Distribution Center (KDC—domain controller) and clients. Even simple Lightweight Directory Access Protocol (LDAP) queries to GC servers or domain controllers are generally encrypted by Secure Sockets Layer (SSL) encryption, particularly in Windows Server 2003, in which LDAP over SSL is the default.

Most AD communications will appear as TCP. To identify the traffic, you'll need to look at the source port used by the server (in server-to-client packets) or the destination port used by the client (in client-to-server packets).

Active Directory-related TCP and/or UDP ports:

• 88—Kerberos
• 135—Remote procedure call (RPC) endpoint mapper
• 53—Domain Name System (DNS)
• 137—NetBIOS name server
• 139—NetBIOS session service
• 389—LDAP query
• 445—Server Message Blocks (SMBs)
• 636—Secure LDAP (LDAP over SSL)
• 3268—GC LDAP
• 3269—Secure GC (LDAP over SSL)
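The port table above is what a practitioner uses to label flows in a capture: in a client-to-server packet the destination port names the service, in a server-to-client packet the source port does. The following script is an added example (not code from the original article) that applies exactly that rule to a handful of constructed flow records in a simplified `proto src:port > dst:port` form, counts the traffic per AD service, flags the cases a port table alone cannot settle (both ends on a well-known port, or a dynamic high port such as an RPC connection negotiated through the endpoint mapper on 135), and builds a matching tcpdump/Wireshark capture filter. The record format, IP addresses and port numbers in `SAMPLE_FLOWS` are invented for the demonstration.

```python
"""Classify captured TCP/UDP flows by Active Directory service using the
well-known port table from the article. Added example; all sample flow
records below are constructed, not taken from a real capture."""
from collections import Counter

# Well-known AD service ports (the article's table, keyed by port).
AD_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    139: "NetBIOS session service",
    389: "LDAP",
    445: "SMB",
    636: "LDAP over SSL",
    3268: "Global Catalog LDAP",
    3269: "Global Catalog LDAP over SSL",
}

# Ports at or above this value are treated as client-side/dynamic ports.
DYNAMIC_PORT_START = 1024


def parse_flow(line):
    """Parse a constructed 'PROTO src_ip:src_port > dst_ip:dst_port' record."""
    proto, src, arrow, dst = line.split()
    if arrow != ">":
        raise ValueError(f"unexpected record format: {line!r}")
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"proto": proto.upper(), "src_ip": src_ip, "src_port": int(src_port),
            "dst_ip": dst_ip, "dst_port": int(dst_port)}


def classify_flow(flow):
    """Label one flow: which AD service, which end is the server, and whether
    the port table alone was enough to decide."""
    src_known = flow["src_port"] in AD_PORTS
    dst_known = flow["dst_port"] in AD_PORTS
    result = {"service": None, "server": None, "client": None,
              "ambiguous": False, "note": ""}
    if dst_known and not src_known:
        # Client -> server: the destination port identifies the service.
        result.update(service=AD_PORTS[flow["dst_port"]],
                      server=flow["dst_ip"], client=flow["src_ip"])
    elif src_known and not dst_known:
        # Server -> client reply: the source port identifies the service.
        result.update(service=AD_PORTS[flow["src_port"]],
                      server=flow["src_ip"], client=flow["dst_ip"])
    elif src_known and dst_known:
        # Both ends on a well-known port (possible between two DCs); the
        # ports do not say which side is the server, so flag it for review.
        result.update(service=AD_PORTS[flow["dst_port"]], ambiguous=True,
                      note="both ends on well-known ports; direction unknown")
    elif (flow["src_port"] >= DYNAMIC_PORT_START
          and flow["dst_port"] >= DYNAMIC_PORT_START):
        # Neither port is in the table. After an endpoint-mapper lookup on
        # 135, RPC continues on a dynamically assigned port, which a static
        # port table cannot name; correlate with the preceding 135 lookup.
        result["note"] = "dynamic ports; possibly RPC negotiated via port 135"
    return result


def summarize(lines):
    """Count flows per AD service; return (Counter, unclassified records)."""
    counts = Counter()
    unclassified = []
    for line in lines:
        labelled = classify_flow(parse_flow(line))
        if labelled["service"] is None:
            unclassified.append(line)
        else:
            counts[labelled["service"]] += 1
    return counts, unclassified


def bpf_filter():
    """Capture filter (tcpdump/Wireshark syntax) matching every table port."""
    return " or ".join(f"port {p}" for p in sorted(AD_PORTS))


# Constructed sample records: a workstation 10.0.0.25 talking to DC 10.0.0.1.
SAMPLE_FLOWS = [
    "TCP 10.0.0.25:51234 > 10.0.0.1:88",      # workstation -> KDC (Kerberos)
    "TCP 10.0.0.1:389 > 10.0.0.25:51235",     # DC reply to an LDAP query
    "UDP 10.0.0.25:51236 > 10.0.0.1:53",      # DNS lookup (e.g. DC SRV record)
    "TCP 10.0.0.25:51237 > 10.0.0.1:135",     # RPC endpoint mapper lookup
    "TCP 10.0.0.25:51238 > 10.0.0.1:49671",   # follow-on RPC on a dynamic port
    "TCP 10.0.0.1:3268 > 10.0.0.2:3268",      # DC-to-DC, both sides on GC port
]

if __name__ == "__main__":
    counts, leftover = summarize(SAMPLE_FLOWS)
    for service, n in counts.most_common():
        print(f"{n:3d}  {service}")
    for line in leftover:
        print("unclassified:", line, "->", classify_flow(parse_flow(line))["note"])
    print("capture filter:", bpf_filter())
```

Run it as a script to see the per-service counts for the constructed flows, or import `classify_flow` and feed it records parsed from a real capture. The `ambiguous` and `note` fields are the practical point: a port table resolves most AD traffic, but DC-to-DC flows and post-endpoint-mapper RPC need the surrounding packets to be labelled with confidence.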

