Server Addresses and Firewall Configuration Information for Using Active Directory

This is a comprehensive list of the servers and the specific ports that must be open in your firewall in order to access the UMROOT Active Directory servers.

Easiest Firewall Option—Use IP Address Ranges

The easiest option for configuring firewalls to allow your computers to access UMROOT is to open your firewall to the following networks on all ports:

  • 141.211.91.0/26
  • 141.213.238.128/26
  • 141.213.143.128/26

Server Names and Addresses for U-M Forest Infrastructure 

If you need to configure your firewall more narrowly, the following are the server names and IP addresses to allow for connections to the U-M Windows Forest.

UMROOT Read/Write Domain Controllers, Global Catalogs

If possible, please use the CNAME: adsroot.itcs.umich.edu 

The individual server names and addresses are:

  • its-dc01.adsroot.itcs.umich.edu — 141.211.91.45
  • its-dc02.adsroot.itcs.umich.edu — 141.211.91.55
  • its-dc03.adsroot.itcs.umich.edu — 141.213.238.145
  • its-dc04.adsroot.itcs.umich.edu — 141.213.238.155
  • its-umd-dc01.adsroot.itcs.umich.edu — 141.215.60.70
  • its-umd-dc02.adsroot.itcs.umich.edu — 141.215.60.71

The following ports are open to campus on the U-M domain controllers, and your network will need to be open to all of them. You may also need RPC ports open (1024 to 65536).

  • 53 (DNS) TCP
  • 53 (DNS) UDP
  • 88 (Kerberos) TCP
  • 88 (Kerberos) UDP
  • 123 (NTP) UDP
  • 135 (RPC endpoint mapper/DCOM) TCP
  • 137 (NetBIOS name service) TCP
  • 137 (NetBIOS name service) UDP
  • 138 (NetBIOS datagram service) UDP
  • 139 (NetBIOS session service) TCP
  • 389 (LDAP) TCP
  • 389 (LDAP) UDP
  • 445 (SMB) TCP
  • 464 (Kerberos Password Change) TCP
  • 464 (Kerberos Password Change) UDP
  • 636 (LDAP over SSL) TCP
  • 3268 (Global Catalog) TCP
  • 3269 (Global Catalog over SSL) TCP
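As an added example (not part of the original page), the Python sketch below encodes the narrow option (listed domain controllers and ports) and the broad option (the three IP ranges), so a proposed outbound flow can be checked against either policy and the listed controllers can be checked against the ranges. All function and variable names are hypothetical; the addresses and ports are copied from this page, and the optional RPC range is assumed to be TCP and capped at 65535, the highest valid port.

```python
import ipaddress

# Addresses and ports are copied from this page; all names are hypothetical.
BROAD_RANGES = [ipaddress.ip_network(n) for n in (
    "141.211.91.0/26", "141.213.238.128/26", "141.213.143.128/26")]
DOMAIN_CONTROLLERS = {
    "its-dc01": "141.211.91.45", "its-dc02": "141.211.91.55",
    "its-dc03": "141.213.238.145", "its-dc04": "141.213.238.155",
    "its-umd-dc01": "141.215.60.70", "its-umd-dc02": "141.215.60.71",
}
DC_PORTS = {
    "tcp": {53, 88, 135, 137, 139, 389, 445, 464, 636, 3268, 3269},
    "udp": {53, 88, 123, 137, 138, 389, 464},
}
# Assumption: the optional RPC range is TCP and ends at 65535 (highest valid port).
RPC_DYNAMIC = range(1024, 65536)

def narrow_allows(dst, proto, port, allow_rpc=False):
    """Narrow option: only listed DCs, only listed ports (plus RPC if enabled)."""
    if dst not in DOMAIN_CONTROLLERS.values():
        return False
    if port in DC_PORTS.get(proto, set()):
        return True
    return allow_rpc and proto == "tcp" and port in RPC_DYNAMIC

def broad_allows(dst):
    """Broad option: any port, as long as the destination is in a listed range."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in BROAD_RANGES)

def uncovered_by_broad(servers):
    """Names of servers whose address is outside all three broad ranges."""
    return sorted(n for n, ip in servers.items() if not broad_allows(ip))

if __name__ == "__main__":
    # Constructed sample flows: (destination, protocol, port)
    flows = [("141.211.91.45", "tcp", 389), ("141.211.91.45", "tcp", 3389),
             ("141.211.91.60", "tcp", 445), ("141.215.60.70", "udp", 88)]
    for dst, proto, port in flows:
        print(f"{dst} {proto}/{port}: narrow={narrow_allows(dst, proto, port)} "
              f"broad={broad_allows(dst)}")
    print("DCs outside the broad ranges:", uncovered_by_broad(DOMAIN_CONTROLLERS))
```

Comparing the two results per flow shows what the broad option permits beyond the narrow one, and the last line shows which listed controllers still need their own rule if only the ranges are opened.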

UMROOT WINS Servers

  • 141.211.76.103
  • 141.211.21.102

Campus DNS Servers

Please use the campus DNS servers if possible, not UMROOT DNS servers.

  • 10.10.10.10
  • 10.10.5.5

UMROOT DNS Servers (use only if needed)

Use the UMROOT DNS servers in place of the campus DNS servers only if you have no alternative.

  • 141.211.91.45
  • 141.211.91.55
  • 141.213.238.145
  • 141.213.238.155

UMROOT Terminal Server Licensing Servers

  • rdsl01.adsroot.itcs.umich.edu — 141.211.7.253
  • rdsl02.adsroot.itcs.umich.edu — 141.211.21.98

UMROOT/Campus KMS Servers

Open TCP/1688 from clients/servers to the KMS servers.

Please use the CNAME and not individual IP addresses for configuration:

  • CNAME: mskms.umich.edu
  • 141.211.21.99
  • 141.211.76.100

UMROOT PKI Server

  • pki02.adsroot.itcs.umich.edu — 141.211.143.144

For a detailed discussion of the network port requirements for Windows, please see the following Microsoft knowledgebase article: "Service overview and network port requirements for the Windows Server system".

Last Updated: Monday, November 26, 2018