Active Directory Connectivity Requirements

NIOS-X Server connects to Microsoft Active Directory server using RPC calls over TCP/IP. In Windows Server 2003, RPC uses the dynamic port range 1025-5000, by default. In Windows Server 2008, RPC uses the dynamic port range 49152-65535, by default.

You can reduce the number of available ports as follows:

• In Windows Server 2003, use the rpccfg.exe tool. For information, refer to http://support.microsoft.com/kb/908472 .

• In Windows Server 2008 and later, use the netsh tool. For information, refer to http://support.microsoft.com/kb/929851.
  
  

You must configure your enterprise firewall to allow incoming connections from the NIOS-X server IP so it can connect to the Microsoft Active Directory Server within your network. The minimum number of ports required in the range is 255. Note that TCP ports 135 and 445 must be open on the Microsoft server, in addition to the dynamic port range. Ports 135 and 445 are used by the port mapper interface, which is a service on the Microsoft server that provides information to clients on which port to use to connect to a specific service, such as the service that allows the management of the DNS service.

To know more about how to force ports to use certain ports and then secure those ports by using IPsec see https://support.microsoft.com/en-us/topic/how-to-configure-rpc-to-use-certain-ports-and-how-to-help-secure-those-ports-by-using-ipsec-2a94b798-063a-479a-8452-9cf07ac613d9.