Thursday, August 4, 2011

What happens when you install a domain controller, part 1

Every junior Windows system administrator knows that running dcpromo.exe or installing the Active Directory Domain Services role turns the server into a domain controller, and hopefully they understand all the technical issues behind this feature. But what is actually going on in the background while you watch the animation of the pencil writing in the book?



What happens when the AD DS role/dcpromo is installed
Files and folders that are created
%systemroot%\ntds
%systemroot%\sysvol
%systemroot%\system32\netlogon.dnb
%systemroot%\system32\config\netlogon.dns
%systemroot%\system32\config\systemprofile is unlocked
Firewall
Incoming Rules
ICMP PING v4 v6 any any
LDAP TCP port 389 any any
LDAP UDP port 389 any any
LDAP for global catalog port TCP 3268 any any
NetBIOS UDP port 138 any any
SAM/LSA UDP port 445 any any
SAM/LSA TCP port 445 any any
SLDAP TCP port 636 any any
SLDAP for global catalog port 3269 any any
W32 Time UDP port 123 any any
AD RDP Domain controller (RDP) TCP Port Dynamic RDP Ports any any
AD RDP Domain controller (RDP-EPMAP) TCP Dynamic RDP Ports any any
AD Web Services TCP Port 9389 any any
Data Replication TCP Port Dynamic RPC any any
Data Replication (RPC-EPMAP) TCP Port Dynamic RPC any any
DFS-Replication (RPC-EPMAP) TCP Port RPC any any
DFS-Replication (RPC-IN) TCP Port Dynamic RPC any any
Kerberos Key Distribution Center PCR TCP Port 464 any any
Kerberos Key Distribution Center PCR UDP Port 464 any any
RPC TCP Port TCP Dynamic RPC any any
RPC End Point assignment TCP RPC any any

Outgoing Rules
Active Directory Domain Controller ICMP v4 v6 any any
Active Directory Domain Controller TCP port 6 any any
Active Directory Domain Controller UDP port 17 any any
Windows Management Instrumentation TCP port 6 any any

Services
Active Directory Domain service
Active Directory web service
DFS-Namespace
DFS-Replication
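
To check these rules and services on a live domain controller, here is a PowerShell audit added as an example (it is not part of the original post). It assumes Windows Server 2012 or later (NetSecurity module) and an elevated session; the service names NTDS, ADWS, Dfs and DFSR are the short names assumed for the four services listed above.

```powershell
# Added example, not from the original post.
# Assumes Windows Server 2012+ (NetSecurity module) and an elevated prompt.

# Static inbound ports from the list above. 'RPC' and 'RPCEPMap' are the
# keywords Windows Firewall uses for dynamic RPC and the endpoint mapper.
$ports = '123','138','389','445','464','636','3268','3269','9389','RPC','RPCEPMap'

# Collect every enabled inbound rule that opens one of those ports.
# This also picks up non-AD rules on the same ports (for example file
# sharing on 445), which is useful when reviewing total exposure.
$report = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True) {
    $pf  = $rule | Get-NetFirewallPortFilter
    $hit = @($pf.LocalPort) | Where-Object { $ports -contains $_ }
    if (-not $hit) { continue }

    $af = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Group     = $rule.DisplayGroup
        Profile   = $rule.Profile
        Protocol  = $pf.Protocol
        LocalPort = ($pf.LocalPort -join ',')
        Remote    = ($af.RemoteAddress -join ',')
        AnySource = (@($af.RemoteAddress) -contains 'Any')   # the "any any" case
    }
}

$report | Sort-Object LocalPort, Protocol | Format-Table -AutoSize

# Rules that accept traffic from any remote address are the ones to
# consider scoping to management, client and replication subnets.
$open = @($report | Where-Object { $_.AnySource })
'{0} of {1} matching inbound rules accept any remote address' -f $open.Count, @($report).Count

# Confirm the services from the list above exist and are running.
Get-Service -Name NTDS, ADWS, Dfs, DFSR -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status
```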
