问题描述
嗨!
作为M365顾问,我正在与具有相当复杂的本地AD架构的客户端一起工作,我试图了解PTA代理如何根据 https://docs.microsoft.com/zh-cn/azure/active-directory/hybrid/how-to-connect-pta-security-deep-dive#process-sign-in-requests 步骤8-9,说明正在使用哪些端口和协议?
BR
乔纳斯(Jonas)
As an M365 Consultant I´m working with a client that has a rather complex on-prem AD architecture and I am trying to understand how the PTA Agent communicates with the on-prem AD according to https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-security-deep-dive#process-sign-in-requests step 8-9 , that being which ports and protocols being used?
BR
Jonas
推荐答案
您是指安装PTA代理的服务器与AD之间使用的端口吗?
Are you referring to the ports used between the servers where the PTA agents are installed and AD ?
PTA代理安装在加入域的计算机上,并且从服务器调用LogonUser API以针对AD验证密码.这类似于从安装PTA代理的服务器到DC的Kerberos客户端登录.
The PTA agent is installed on a domain joined machine and calls the LogonUser API from the server to validate the password against the AD. This is similar to a Kerberos client side login to a DC from the server where the PTA agent is installed.
PTA代理使用端口443和80,并通过HTTPS与Azure AD进行通信.查看这篇文章以了解更多详细信息.
PTA agents use port 443 and 80 and communicate using HTTPS with Azure AD. Check this article for moredetails.
这篇关于PTA代理如何与本地AD通信?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!