Active Directory uses several ports for communication between domain controllers and clients. These ports are required by both client computers and domain controllers. As an example, when a client computer tries to find a domain controller, it always sends a DNS query over port 53 to find the name of a domain controller in the domain.
- 53- DNS
- 88- Kerberos
- 123- Time Service
- 135- For domain controller-to-domain controller and client-to-domain controller operations.
- 138- For File Replication Service between domain controllers.
- 139- For File Replication Service between domain controllers.
- 389- For LDAP to handle normal queries from client computers to the domain controllers.
- 445- File replication/SMB
- 464- For changing the password of a user account
- 636- secure LDAP
- 3268- Global Catalog server
- 3269- Global Catalog server [Secure]
- 5722- File replication, DFSR
- 9389- ADDS web service
- 53248- FRS RPC
The ports listed above should be opened on the firewall between client computers and domain controllers, and between domain controllers, so that Active Directory can function properly.
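As an added example (my own code, not part of the original post), here is a small Python checker that is run from a client and attempts a TCP connection to each port listed above on a domain controller, reporting which ones are blocked so the missing firewall rules can be identified. The host name `dc01.example.local` is a placeholder, and the TCP/UDP annotations are my addition: several of these services also (or only) use UDP, which a TCP connect test cannot verify.

```python
import socket
import sys

# Ports listed in the post, with my own TCP/UDP annotation: a TCP connect test
# says nothing about the UDP side of DNS, Kerberos, NTP, LDAP/CLDAP or kpasswd.
AD_PORTS = {
    53: ("DNS", "tcp+udp"),
    88: ("Kerberos", "tcp+udp"),
    123: ("Time service", "udp"),
    135: ("DC-to-DC and client-to-DC operations (RPC endpoint mapper)", "tcp"),
    138: ("File Replication Service (NetBIOS datagram)", "udp"),
    139: ("File Replication Service (NetBIOS session)", "tcp"),
    389: ("LDAP", "tcp+udp"),
    445: ("File replication / SMB", "tcp"),
    464: ("Password change", "tcp+udp"),
    636: ("Secure LDAP", "tcp"),
    3268: ("Global Catalog", "tcp"),
    3269: ("Global Catalog [Secure]", "tcp"),
    5722: ("File replication, DFSR", "tcp"),
    9389: ("AD DS web service", "tcp"),
    53248: ("FRS RPC (static port as listed in the post)", "tcp"),
}

def tcp_connect(host, port, timeout):
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_dc_ports(host, ports=AD_PORTS, timeout=2.0, connect=tcp_connect):
    """Map each port to 'open', 'blocked' or 'udp-only (not tested)'.
    `connect` is injectable so the logic can be exercised without a network."""
    results = {}
    for port, (_name, proto) in sorted(ports.items()):
        if "tcp" not in proto:
            results[port] = "udp-only (not tested)"
        else:
            results[port] = "open" if connect(host, port, timeout) else "blocked"
    return results

def blocked_ports(results):
    """Ports nothing answered on; these need firewall rules (or a DC fix)."""
    return sorted(p for p, state in results.items() if state == "blocked")

if __name__ == "__main__":
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.local"  # placeholder
    res = check_dc_ports(dc)
    for port, state in res.items():
        print(f"{port:>6}/{AD_PORTS[port][1]:<8} {AD_PORTS[port][0]:<55} {state}")
    print("blocked:", blocked_ports(res))
```

Run it as `python check_dc_ports.py <dc-hostname>`; the UDP-only entries are reported separately because a successful TCP check on the other ports does not prove the UDP rules are in place.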