Configure DMZ server ports for Active Directory integrations

If you installed the Okta Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (AD) agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. on a DMZ server, you need to open the following ports:

In addition, you must open your DCOM RPC ports. In addition to TCP 135, Microsoft RPC (MS-RPC) uses randomly generated ports from TCP 49152-65535 for Vista/2008 and above. These ports are also known as "random RPC ports." RPC clients use the RPC Endpoint Mapper (EPM) which runs on TCP135 to tell them which dynamic ports were assigned to the server.

For detailed information on configuring your ports on a DMZ server, see Microsoft Support. For more information on the required network ports, see Service overview and network port requirements for Windows. For more information on random RPC ports, see How to configure RPC dynamic port allocation to work with firewalls.