AD NS provider - what ports are required to be open on the firewall?
An Active Directory (AD) domain is connected, and a request was made to open the firewall on these ports: 389, 636, 88, 135, 464.
The domain is configured with port 389 because an SSL connection is currently not possible.
Account creation, update and deletion work fine. However, setting or updating a user password fails with the error message:
"RPC server is not online."
The Jobservice runs under a service account from another forest. The target domain is connected with an account based in the target domain.
Is RPC the normal approach to set a user password?
Identity Manager uses the DirectoryEntry.Invoke("SetPassword") method, which requires port TCP/UDP 445.
Ensure that port 445 is open on the firewall to allow for password changes.
"DirectoryEntry.Invoke() requires AuthenticationType.Secure. What this means is that it needs to be able to authenticate the request via Kerberos or NTLM.
It attempts to use LDAPS (TCP 636) first, then falls back to CIFS (TCP 445) if/when it times out or fails because of a missing or invalid certificate. If neither of these ports is open, it will fail with an "RPC Server unavailable" exception."
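To confirm which of these ports the firewall actually passes, the check can be run from the Job server against the domain controller. The following is an added example, not part of the original article or the product; the host name and timeout are placeholder assumptions, and it tests TCP only.

```powershell
# Added example: TCP reachability from the Job server to one domain controller.
# $DomainController is a placeholder (assumption); set it to the target DC's FQDN.
$DomainController = 'dc01.target.example'
$TimeoutMs = 3000

# Ports named on this page, with the service normally listening on each.
$checks = @(
    [pscustomobject]@{ Port = 88;  Service = 'Kerberos' }
    [pscustomobject]@{ Port = 135; Service = 'RPC endpoint mapper' }
    [pscustomobject]@{ Port = 389; Service = 'LDAP' }
    [pscustomobject]@{ Port = 464; Service = 'Kerberos password change' }
    [pscustomobject]@{ Port = 636; Service = 'LDAPS' }
    [pscustomobject]@{ Port = 445; Service = 'SMB/CIFS' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Wait() returns $false on timeout and throws if the connection is refused.
        $task = $client.ConnectAsync($ComputerName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Dispose()
    }
}

$results = foreach ($c in $checks) {
    [pscustomobject]@{
        Port    = $c.Port
        Service = $c.Service
        Open    = Test-TcpPort -ComputerName $DomainController -Port $c.Port -TimeoutMs $TimeoutMs
    }
}
$results | Format-Table -AutoSize | Out-Host

# Interpret the result for the password-set path described above.
$open = @($results | Where-Object { $_.Open } | ForEach-Object { $_.Port })
if ($open -contains 445) {
    'TCP 445 reachable: SetPassword can fall back to it when LDAPS (636) is unavailable.'
} elseif ($open -contains 636) {
    'Only TCP 636 reachable: SetPassword works only if the DC presents a valid LDAPS certificate.'
} else {
    'Neither TCP 636 nor TCP 445 reachable: expect the RPC server error on password set.'
}
```

Run it under the same account and on the same host as the Jobservice, since firewall rules are usually scoped to the source address.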