How to Configure Active Directory Network Security Groups and Firewall Rules in Azure using Terraform

18 min readJan 19

This story will list all the ports required to communicate with Active Directory Domain Controllers and how to create network security groups and firewall rules using Terraform to secure communications to AD Domain Controllers.

We are going to talk about the following:

Description of Ports used by Active Directory
List of ports used required for Client Machines to connect to AD Domain Controllers
Terraform Code to Create Azure Network Security Groups (NSGs) for Clients to AD Domain Controllers
List of ports used for communication between AD Domain Controllers
Terraform Code to Create Azure Network Security Groups (NSGs) for communication between AD Domain Controllers

Description of Ports

Below is the list of all ports in the Active Directory with a short description of the role.

53 — TCP/UDP — DNS: map IP addresses to host names. Client machines use DNS to locate resource records in the domain and look up external domain names.
88 — TCP/UDP-Kerberos: This authentication protocol authenticates requests between a client and server securely.
123 — UDP — W32Time/NTP: the Windows Time system service maintains date and time synchronization on all the computers on a network that are running Windows. This service uses Network Time Protocol (NTP) to synchronize computer clocks so that an accurate clock value, or time stamp, is assigned for network validation and resource access requests.
135 — TCP/UDP — Microsoft RPC Endpoint Mapper: this port is used by many Microsoft services (check the full of services here). First, the client connects to the RPC mapper service and asks the mapper what port a given service is listening on. The RPC mapper responds to the client with the port, and then the client connects to that port.
137 — UDP — NetBIOS Name Resolution: used by NetLogon and NetBIOS Name Resolution.
138 — UDP — NetBIOS Datagram Service: used by the SYSVOL replication service to replicate contents of the SYSVOL folder…

How to Configure Active Directory Network Security Groups and Firewall Rules in Azure using Terraform

Description of Ports

Written by Guillermo Musumeci

More from Guillermo Musumeci

How to Detect Versions of .NET Framework and .NET Core Installed in your Windows Machine

In this story, we will learn how to detect the version of .NET Core and .NET Framework installed on your Windows machine.

How to Import an Existing Azure Resource in Terraform

In this story, we will learn how to import an existing Azure Resource in Terraform.

How to Configure Azure Databricks Unity Catalog with Terraform — Part 1

In this story, we will learn how to configure Azure Databricks Unity Catalog with Terraform.

Using Private Endpoint in Azure Storage Account with Terraform

In this story, we will learn how to enable Private Endpoint in Azure Storage Accounts with Terraform.

Recommended from Medium

Elevating Privileges Through Azure Policy

IAM & RBAC & Resource Group for Azure — Day 2

Role Based Access Control is defines my Microsoft in such words ;

Lists

ChatGPT

Generative AI Recommended Reading

New_Reading_List

Natural Language Processing

Loops in Terraform: Key to Clean and Efficient Code

In this article, we are going to explore the power of loops in Terraform. If you already have experience with any other programming…

Accessing Azure Key Vault Secrets with Azure Functions

Introduction What is Azure Key Vault?

Azure Cloud Migration

What is cloud migration?

Hub & Spoke Architecture and Landing Zones on Azure Cloud

In this article we will talk about Hub & Spoke Architecture, Landing Zones and how they are merged together. At the end of this lecture…