Active Directory Ports: Service and network port requirements for Windows


Active Directory communication involves the following ports and as a system administrator, you must be familiar with some of the following ports already. Enterprises use Active Directory for authentication, server and workstation management, group policy management, etc. In this guide, the most important network ports, protocols, and services used by Microsoft client and server operating systems, and their subcomponents are listed in the table below. You may want to see the following related guides: Pass-Through Authentication with on-Premise AD, reasons to deploy AADMicrosoft Azure Active Directory: How to setup Azure AD Tenant, and how to set up an Azure AD Tenant,  and how to add a custom domain in the Azure Active directory.

If you enable the Windows Firewall or if there is an external Firewall for your Active Directory Domain Services (ADDS) in this case Domain Controller Server, you need to set up the allowed port for Domain Controller correctly. The table below will show you all ports that needed for domain controller.

Microsoft server products use a variety of network ports and protocols to communicate with client systems and with other server systems over the network. Dedicated firewalls, host-based firewalls, and Internet Protocol security (IPSec) filters are other important components that are required to help secure your network. However, if these technologies are configured to block ports and protocols that are used by a specific server, that server will no longer respond to client requests.

Application protocolProtocolPorts
Active Directory Web Services (ADWS)TCP9389
Active Directory Management Gateway ServiceTCP9389
Global CatalogTCP3269
Global CatalogTCP3268
ICMPNo port number
Lightweight Directory Access Protocol (LDAP) ServerTCP389
LDAP ServerUDP389
RPC randomly allocated high TCP ports¹TCP1024 – 5000
49152 – 65535²

Active Directory runs under the LSASS process and in addition, a range of ephemeral TCP ports between 1024 and 65535, the domain controller and the client computing application servers need to be hard-coded network connection through a specific port Directory the Active. You may want to see visit this link for more information.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x