A. The AD tools use Lightweight Directory Access Protocol (LDAP), which by default operates on port 389, to contact the directory service servers. If you enable TCP/IP filtering, block port 389, and keep only port 80 open for Web page communication, you might encounter the following problems when you attempt to access AD MMC snap-ins:

  • When you attempt to start the MMC Active Directory Users and Computers snap-in, you receive an error message that reads
    "Naming Information cannot be located because: The Server is not operational.
    Contact your system administrator to verify that your domain is properly configured and is currently online."
  • When you attempt to start the MMC Active Directory Sites and Services snap-in, you receive an error message that reads
    "Naming Information cannot be located because: The server is not operational.
    Contact your system administrator to verify that your domain is properly configured and is currently online."
  • When you attempt to start the MMC Active Directory Domains and Trusts snap-in, you receive an error message that reads "The configuration information describing this enterprise is not available. The server is not operational."
  • Logon processing is very slow.

To resolve these errors, perform the following steps:

  1. From the Control Panel, open the Network Connections applet, select the network adapter from the list, right-click the network adapter, and select Properties.
  2. From the General tab, select Internet Protocol (TCP/IP), then click Properties.
  3. Click the Advanced button.
  4. Select the Options tab.
  5. Select "TCP/IP filtering", then click Properties.
  6. For "TCP Ports", select "Permit All."
  7. Click OK to close all dialog boxes.
  8. Restart the computer for the changes to take effect.
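
Before changing the filter, you can confirm that the symptom really is LDAP being unreachable while the Web port still answers. The following is an added example, not part of the original answer; the function names and the host name `dc01.example.test` are placeholders chosen for illustration.

```python
import socket

LDAP_PORT = 389   # default LDAP port named in the answer above
HTTP_PORT = 80    # the port left open in the scenario above


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout' or 'error' for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"   # name resolution failure, no route, and so on


def diagnose(host, ldap_port=LDAP_PORT, http_port=HTTP_PORT, timeout=3.0):
    """Probe both ports and summarise whether LDAP alone is unreachable."""
    ldap = probe(host, ldap_port, timeout)
    http = probe(host, http_port, timeout)
    if ldap == "open":
        verdict = "LDAP reachable from this host"
    elif http == "open":
        verdict = "web port open but LDAP is not: matches the filtering scenario"
    else:
        verdict = "neither port reachable; check basic connectivity first"
    return {"ldap": ldap, "http": http, "verdict": verdict}


if __name__ == "__main__":
    import sys
    # Assumption: the directory server name is passed on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.test"
    for key, value in diagnose(host).items():
        print(f"{key}: {value}")
```

Run it against the directory server before and after the restart in step 8; the `ldap` result should change to `open` once the filter no longer blocks port 389.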