Are you setting up a router or a firewall, perhaps setting up a domain trust, connecting some Forests, or remotely managing your environment, and you need to know what ports must be opened for (Active Directory, MOM, SMTP, whatever…) to work?
We have a KB article for that:
KB 832017: Service overview and network port requirements for the Windows Server system
For example, the following ports are needed for Active Directory:
Active Directory (Local Security Authority)
Active Directory runs under the LSASS process and includes the authentication and replication engines for Windows 2000 and Windows Server 2003 domain controllers. Domain controllers, client computers and application servers require network connectivity to Active Directory over specific hard-coded ports in addition to a range of ephemeral TCP ports between 1024 and 65536 unless a tunneling protocol is used to encapsulate such traffic. An encapsulated solution might consist of a VPN gateway located behind a filtering router using Layer 2 Tunneling Protocol (L2TP) together with IPsec. In this encapsulated scenario, you must allow IPsec Encapsulating Security Protocol (ESP) (IP protocol 50), IPsec Network Address Translator Traversal NAT-T (UDP port 4500), and IPsec Internet Security Association and Key Management Protocol (ISAKMP) (UDP port 500) through the router as opposed to opening all the ports and protocols listed below. Finally, the port used for Active Directory replication may be hard-coded as described in the following article in the Microsoft Knowledge Base:
224196 (http://support.microsoft.com/kb/224196/) Restricting Active Directory replication traffic and client RPC traffic to a specific port
Note: Packet filters for L2TP traffic are not required, because L2TP is protected by IPsec ESP.
System service name: LSASS
Global Catalog Server
RPC randomly allocated high TCP ports: 1024 - 65536
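As an added example (not code from the KB article or from this post), here is a small Python checker that encodes the encapsulated-scenario requirements quoted above (ESP as IP protocol 50, ISAKMP on UDP 500, NAT-T on UDP 4500) and validates a filtering-router policy against them. It also flags a rule that opens the whole 1024-65536 ephemeral RPC range, since avoiding that exposure is the point of tunnelling the traffic. The `permit proto port[-port]` ACL syntax and both sample policies are constructed for the example and do not correspond to any particular vendor.

```python
"""Check a filtering-router policy against the port requirements KB 832017
gives for the L2TP/IPsec encapsulated Active Directory scenario."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Rule:
    proto: str          # "esp", "udp" or "tcp"
    port_lo: int = 0    # 0 for ESP, which carries no port number
    port_hi: int = 0


# Requirements taken from the KB excerpt: ESP (IP protocol 50),
# ISAKMP (UDP 500) and NAT-T (UDP 4500).
REQUIRED_ENCAPSULATED: Tuple[Rule, ...] = (
    Rule("esp"),
    Rule("udp", 500, 500),
    Rule("udp", 4500, 4500),
)

# The ephemeral TCP range the KB says must be opened when traffic is not tunnelled.
EPHEMERAL_LO, EPHEMERAL_HI = 1024, 65536


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one line of the hypothetical ACL syntax used in this example:
    'permit esp', 'permit udp 500' or 'permit tcp 1024-65536'.
    Comments (after '#'), blank lines and non-permit lines yield None."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    parts = text.split()
    if parts[0].lower() != "permit" or len(parts) < 2:
        return None
    proto = parts[1].lower()
    if proto == "esp":
        return Rule("esp")
    if len(parts) < 3:
        return None
    lo, _, hi = parts[2].partition("-")
    lo_i = int(lo)
    hi_i = int(hi) if hi else lo_i
    return Rule(proto, lo_i, hi_i)


def parse_policy(text: str) -> List[Rule]:
    """Parse a whole policy, dropping lines that are not permit rules."""
    return [r for r in map(parse_rule, text.splitlines()) if r is not None]


def covers(rule: Rule, req: Rule) -> bool:
    """True if an ACL rule permits everything the requirement needs."""
    if rule.proto != req.proto:
        return False
    return rule.port_lo <= req.port_lo and req.port_hi <= rule.port_hi


def missing_requirements(rules: Sequence[Rule],
                         required: Sequence[Rule] = REQUIRED_ENCAPSULATED) -> List[Rule]:
    """Requirements that no rule in the policy satisfies."""
    return [req for req in required if not any(covers(r, req) for r in rules)]


def overly_broad(rules: Sequence[Rule]) -> List[Rule]:
    """TCP rules that open the entire ephemeral range; unnecessary once traffic is tunnelled."""
    return [r for r in rules
            if r.proto == "tcp" and r.port_lo <= EPHEMERAL_LO and r.port_hi >= EPHEMERAL_HI]


# Constructed sample policies (hypothetical syntax).
TUNNELLED_POLICY = """
permit esp             # IPsec ESP, IP protocol 50
permit udp 500         # ISAKMP
permit udp 4500        # NAT-T
"""

LEFTOVER_POLICY = """
permit esp
permit udp 500
permit tcp 1024-65536  # left over from the unencapsulated design; NAT-T is missing
"""


if __name__ == "__main__":
    for name, text in (("tunnelled", TUNNELLED_POLICY), ("leftover", LEFTOVER_POLICY)):
        rules = parse_policy(text)
        print(f"{name}: missing={missing_requirements(rules)} broad={overly_broad(rules)}")
```

Running the block reports the tunnelled policy as complete and the leftover policy as both missing NAT-T (UDP 4500) and still exposing the whole ephemeral range.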
The article is updated regularly, and is very handy to have bookmarked!
Need to know what port to open to allow updates to happen over an MPLS network...
The type of network should not play a role. MPLS should perform the same as an analog modem WAN Link. The same list of ports should apply.