PTA代理如何与本地AD通信? [英] How does the PTA agent communicate with the on-prem AD?

问题描述

嗨！

作为M365顾问，我正在与具有相当复杂的本地AD架构的客户端一起工作，我试图了解PTA代理如何根据

As an M365 Consultant I´m working with a client that has a rather complex on-prem AD architecture and I am trying to understand how the PTA Agent communicates with the on-prem AD according to https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-security-deep-dive#process-sign-in-requests step 8-9 , that being which ports and protocols being used?

BR

Jonas

推荐答案

你好乔纳斯，

您是指安装PTA代理的服务器与AD之间使用的端口吗?

Are you referring to the ports used between the servers where the PTA agents are installed and AD ? 

PTA代理安装在加入域的计算机上，并且从服务器调用LogonUser API以针对AD验证密码.这类似于从安装PTA代理的服务器到DC的Kerberos客户端登录.

The PTA agent is installed on a domain joined machine and  calls the LogonUser API from the server to validate the password against the AD. This is similar to a Kerberos client side login to a DC from the server where the PTA agent is installed.

PTA代理使用端口443和80，并通过HTTPS与Azure AD进行通信.查看这篇文章以了解更多 详细信息.

PTA agents use port 443 and 80 and communicate using HTTPS with Azure AD. Check this article for more details.

这篇关于PTA代理如何与本地AD通信?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！