Active Directory communication involves the following ports and as a system administrator, you must be familiar with some of the following ports already. Enterprises use Active Directory for authentication, server and workstation management, group policy management, etc. In this guide, the most important network ports, protocols, and services used by Microsoft client and server operating systems, and their subcomponents are listed in the table below. You may want to see the following related guides: Pass-Through Authentication with on-Premise AD, reasons to deploy AAD, Microsoft Azure Active Directory: How to setup Azure AD Tenant, and how to set up an Azure AD Tenant, and how to add a custom domain in the Azure Active directory.
If you enable the Windows Firewall or if there is an external Firewall for your Active Directory Domain Services (ADDS) in this case Domain Controller Server, you need to set up the allowed port for Domain Controller correctly. The table below will show you all ports that are needed for the domain controller.
Microsoft server products use a variety of network ports and protocols to communicate with client systems and with other server systems over the network. Dedicated firewalls, host-based firewalls, and Internet Protocol security (IPSec) filters are other important components that are required to help secure your network. However, if these technologies are configured to block ports and protocols that are used by a specific server, that server will no longer respond to client requests.
| Application protocol | Protocol | Ports |
|---|---|---|
| Active Directory Web Services (ADWS) | TCP | 9389 |
| Active Directory Management Gateway Service | TCP | 9389 |
| Global Catalog | TCP | 3269 |
| Global Catalog | TCP | 3268 |
| ICMP | No port number | |
| Lightweight Directory Access Protocol (LDAP) Server | TCP | 389 |
| LDAP Server | UDP | 389 |
| LDAP SSL | TCP | 636 |
| IPsec ISAKMP | UDP | 500 |
| NAT-T | UDP | 4500 |
| RPC | TCP | 135 |
| RPC randomly allocated high TCP ports¹ | TCP | 1024 – 5000 49152 – 65535² |
| SMB | TCP | 445 |
Active Directory runs under the LSASS process and in addition, a range of ephemeral TCP ports between 1024 and 65535, the domain controller, and the client computing application servers need to be hard-coded network connection through a specific port Directory the Active. You may want to see visit this link for more information.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.
