Azure AD Connect和本地AD-自定义端口 [英] Azure AD Connect and On-premises AD - custom ports

问题描述

大家好，

Hello All,

(可选)如果客户未减小动态端口范围，并且在成功完成AAD连接初始配置后，以后是否可以禁用这些端口，如果可以，则是否有任何效果从AD导入数据?
问候，
Dheevar Paralkar.

Optionally, if a customer does not reduce the dynamic port range and after the initial successful AAD connect configuration, can the ports be later disabled and if yes will there be any effect on data import from AD?
Regards,
Dheevar Paralkar.

推荐答案

是的，AD Connect应该能够建立初始连接.

Yes, AD Connect should be able to establish the initial connection. 

您将在VM的防火墙规则和Azure本身中设置端口.https://docs.microsoft.com/zh-cn/azure/active-directory/hybrid/reference-connect-ports

You would set the ports in the firewall rules for the VM and in Azure itself. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports

您以后可以禁用端口，但是如果您的最小值太低，则可能会影响您的服务.

You can later disable the ports but it may affect your service if your minimum is too low.

所需的最小端口数可能因计算机而异.如果限制了RPC动态端口，则流量较高的计算机可能会陷入端口耗尽的状况.限制端口范围时要考虑到这一点.

The minimum number of ports required may differ from computer to computer. Computers with higher traffic may run into a port exhaustion situation if the RPC dynamic ports are restricted. Take this into consideration when restricting the port range.

请参阅此文档，我认为它将回答您的所有问题. https://support.microsoft.com/zh-CN/help/154596/how-to-configure-rpc-dynamic-port-allocation-to-work-with-firewalls

See this document, which I think will answer all of your questions. https://support.microsoft.com/en-us/help/154596/how-to-configure-rpc-dynamic-port-allocation-to-work-with-firewalls

这篇关于Azure AD Connect和本地AD-自定义端口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！