Active Directory Ports required between client and domain controllers

Active Directory uses several ports for communication between domain controllers and clients. These ports are required both by client computers and Domain Controllers. As an example, when a client computer tries to find a domain controller it always sends a DNS Query over Port 53 to find the name of the domain controller in the domain.

  • 53- DNS
  • 88- Kerberos
  • 123- Time Service
  • 135- for domain controllers-to-domain controller and client to domain controller operations.
  • 138- For File Replication Service between domain controllers.r
  • 139- For File Replication Service between domain controllers.
  • 389- For LDAP to handle normal queries from client computers to the domain controllers.
  • 445- File replication/SMB
  • 464- For change the password of user account
  • 636- secure LDAP
  • 3268- Global Catalog server
  • 3269 – Global Catalog server [Secure]
  • 5722-File replication, DFSR
  • 9389- ADDS web service
  • 53248- FRS RPC

Above mentioned ports should be opened in Firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.