Active Directory communication involves the following ports and as a system administrator, you must be familiar with some of the following ports already. In this article, we will discuss the Service and Network Port requirements for Active Directory. You may want to see the following related guides: Pass-Through Authentication with on-Premise AD, reasons to deploy AAD, Microsoft Azure Active Directory: How to setup Azure AD Tenant, and how to set up an Azure AD Tenant, and how to add a custom domain in the Azure Active directory.
Enterprises use Active Directory for authentication, server and workstation management, group policy management, etc. In this guide, the most important network ports, protocols, and services used by Microsoft client and server operating systems. And their subcomponents are listed in the table below.
If you enable the Windows Firewall or if there is an external Firewall for your Active Directory Domain Services (ADDS) in this case Domain Controller Server. You need to set up the allowed port for Domain Controller correctly. The table below will show you all ports that are needed for the domain controller.
Network Port Security for Microsoft Server Products
Microsoft server products use a variety of network ports and protocols to communicate with client systems and with other server systems over the network.
You need dedicated firewalls, host-based firewalls, and IPSec filters to secure your network. If you configure these technologies to block ports and protocols a specific server uses, it won’t respond to client requests.
| Application protocol | Protocol | Ports |
|---|---|---|
| Active Directory Web Services (ADWS) | TCP | 9389 |
| Active Directory Management Gateway Service | TCP | 9389 |
| Global Catalog | TCP | 3269 |
| Global Catalog | TCP | 3268 |
| ICMP | No port number | |
| Lightweight Directory Access Protocol (LDAP) Server | TCP | 389 |
| LDAP Server | UDP | 389 |
| LDAP SSL | TCP | 636 |
| IPsec ISAKMP | UDP | 500 |
| NAT-T | UDP | 4500 |
| RPC | TCP | 135 |
| RPC randomly allocated high TCP ports¹ | TCP | 1024 – 5000 49152 – 65535² |
| SMB | TCP | 445 |
The LSASS process runs Active Directory. This requires specific port connections between domain controllers and client servers on TCP ports 1024 to 65535. You may want to learn more here.
I hope you found this blog post on the “Service and Network Port requirements for Active Directory” helpful. Please let me know in the comment session if you have any questions.
