Sunday, September 20, 2020

Why is my server attempting LDAP connections to another domain's DCs

Hey al,

Something that has kind of been plaguing me and I want to understand what specifically is going on. My network at work is separated from our corporate network. If this is of importance, we do have a one-way incoming trust with them. There is a firewall between our site and the corporate network.

I'm using our maintenance / patching server (Ivanti Security Controls, but udp/389 is not a requirement), which at the current moment is attempting to scan machines in the corporate network that we still maintain. While investigating things, I do see that there are numerous requests on UDP/389 going to various domain controllers in the corporate environment..

  • What is happening that this server is attempting to reach out to various domain controllers?
  • If this connectivity is required, is it possible to limit which domain controllers that this specific machine will attempt to access udp/389?

Thanks for helping me learn. :)



No comments:

Post a Comment