Support dynamic RPC endpoints for domain controller traffic in NSGs
Please consider adding dynamic endpoint support in Network Security Group (NSG) to support Domain Controller traffic between subnets. Basically approve specific traffic types between subnets.
Thanks for the input. We will consider adding this feature to our roadmap.
You can join it, but will have problems since RPC traffic gets blocked, and there is no specific port we can whitelist to prevent this issue.
Currently it seems to be impossible to join a computer in a DMZ to a domain with a DC in a different subnet, without allowing all traffic between the DMZ/computer and the DC. That would seem to be a problem.
Mario Lopez [MSFT] commented
Thanks for the input. We’ll certainly consider adding this feature to the NSG roadmap.
Could you provide more details on the exact scenario you are hoping to accomplish?