Active Directory Ports required between client and domain controllers
Active Directory uses several ports for communication between domain controllers and clients. These ports are required by both client computers and domain controllers. For example, when a client computer tries to find a domain controller, it always sends a DNS query over port 53 to find the name of the domain controller in the domain.
- 53 - DNS
- 88 - Kerberos
- 123 - Time Service
- 135 - For domain controller-to-domain controller and client-to-domain controller operations.
- 138 - For File Replication Service between domain controllers.
- 139 - For File Replication Service between domain controllers.
- 389 - For LDAP, to handle normal queries from client computers to the domain controllers.
- 445 - File replication/SMB
- 464 - For changing the password of a user account
- 636 - Secure LDAP
- 3268 - Global Catalog server
- 3269 - Global Catalog server [Secure]
- 5722 - File replication, DFSR
- 9389 - ADDS web service
- 53248 - FRS RPC
Opening the ports listed above in the firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.
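To check a firewall rule set against this list, the following added example (not part of the original post) audits an allow-list for listed ports that are still blocked and for rules that open more than the list calls for. The TCP/UDP assignments, the `audit` function, and the sample rules are assumptions added here; the post gives port numbers only.

```python
# Port numbers and labels come from the list above. The TCP/UDP column and
# SAMPLE_RULES are assumptions added for this example (constructed data).
REQUIRED = {
    53: ("DNS", "tcp udp"),
    88: ("Kerberos", "tcp udp"),
    123: ("Time Service", "udp"),
    135: ("DC-to-DC and client-to-DC operations", "tcp"),
    138: ("File Replication Service", "udp"),
    139: ("File Replication Service", "tcp"),
    389: ("LDAP", "tcp udp"),
    445: ("File replication/SMB", "tcp"),
    464: ("Password change", "tcp udp"),
    636: ("Secure LDAP", "tcp"),
    3268: ("Global Catalog", "tcp"),
    3269: ("Global Catalog (secure)", "tcp"),
    5722: ("File replication, DFSR", "tcp"),
    9389: ("ADDS web service", "tcp"),
    53248: ("FRS RPC", "tcp"),
}

# Constructed allow rules for traffic to a domain controller: (proto, first, last)
SAMPLE_RULES = [
    ("tcp", 53, 53), ("udp", 53, 53), ("tcp", 88, 88), ("udp", 88, 88),
    ("tcp", 135, 139),   # broad range, wider than the list needs
    ("tcp", 389, 389),   # LDAP allowed over TCP only
    ("udp", 123, 123), ("tcp", 445, 445), ("tcp", 464, 464), ("udp", 464, 464),
    ("tcp", 636, 636), ("tcp", 3268, 3269), ("tcp", 9389, 9389),
]

def audit(rules):
    """Return (required port/proto pairs no rule allows, rules wider than needed)."""
    needed = {(port, proto) for port, (_, protos) in REQUIRED.items()
              for proto in protos.split()}
    missing = sorted(pair for pair in needed
                     if not any(p == pair[1] and lo <= pair[0] <= hi
                                for p, lo, hi in rules))
    excess = []
    for proto, lo, hi in rules:
        used = sum(1 for port, p in needed if p == proto and lo <= port <= hi)
        if hi - lo + 1 > used:  # the range opens ports that are not on the list
            excess.append((proto, lo, hi, hi - lo + 1 - used))
    return missing, excess

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    for port, proto in missing:
        print(f"BLOCKED  {port}/{proto}  {REQUIRED[port][0]}")
    for proto, lo, hi, n in excess:
        print(f"TOO WIDE {proto} {lo}-{hi}: {n} port(s) not on the list")
```

Replace `SAMPLE_RULES` with the rules exported from your own firewall, expressed as `(protocol, first_port, last_port)` tuples.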