Domain Join Ports

Hello Morpheus team,

Please refer to the screenshot; this feature is accessible under Infrastructure > Network > Domain. I would like to understand which connectivity port this feature uses to contact Active Directory for object creation and instance domain joining. Could you provide insights into how this feature functions? I am aware that the service account used for this purpose should have access to the Active Directory Organizational Unit (OU) to create objects and join systems to the domain. However, there are instances when I need to coordinate with the network team to open ports for Active Directory connectivity from my Morpheus appliance, especially when new subnets are created in the public cloud.

I appreciate any quick responses over my query please.

The domain join process is a PowerShell task that is initiated from the deployed VM utilizing the standard Add-Computer cmdlet. I found this serverfault URL that seems to answer the requirements:

The firewall rules you need to configure in order to allow domain joining are the following:

  • Server LAN to Client LAN – Only allow Ping Traffics (ICMP Type 8, Code:255)
  • Client LAN to Server LAN – Only allow:
    • TCP : 88, 135, 139, 389, 445, 49152-65535 (High Ports)
    • UDP : 53, 123, 137, 138, 389, 123, 49152-65536 (High Ports)

This configuration has been reportedly tested on lab by Mr Yong Kam Wah, for full details see his blog post Firewall Ports Required to Join AD Domain

The full list of ports needed by Active Directory is detailed in this Microsoft document: Active Directory and Active Directory Domain Services Port Requirements

Thank you, this helped.

1 Like