Active Directory uses several ports for communication between domain controllers and clients. These ports are required both by client computers and Domain Controllers. As an example, when a client computer tries to find a domain controller it always sends a DNS Query over Port 53 to find the name of the domain controller in the domain.

  • 53- DNS
  • 88- Kerberos
  • 123- Time Service
  • 135- for domain controllers-to-domain controller and client to domain controller operations.
  • 138- For File Replication Service between domain controllers.r
  • 139- For File Replication Service between domain controllers.
  • 389- For LDAP to handle normal queries from client computers to the domain controllers.
  • 445- File replication/SMB
  • 464- For change the password of user account
  • 636- secure LDAP
  • 3268- Global Catalog server
  • 3269 – Global Catalog server [Secure]
  • 5722-File replication, DFSR
  • 9389- ADDS web service
  • 53248- FRS RPC

Above mentioned ports should be opened in Firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.