What All Ports Are Rrequired By Domain Controllers And Client Computers?

by [Published on 4 Feb. 2009 / Last Updated on 27 Oct. 2008]

Advertisement GFI LanGuard your virtual security consultant. Scan your LAN for any vulnerability and automate patch management for Windows, Mac OS & Linux. Get your FREE trial now!

GFI LanGuard is the essential tool for sysadmins:

  • Automate multiple OS patching
  • Scan for vulnerabilities
  • Audit hardware and software
  • Run compliance reports

Your FREE trial awaits:

Download a 30 day, fully functional, free trial which also includes GFI technical support.

No credit card required

This article explains the key port requirement for Client computers and Domain Controllers communicating with each other.

Active Directory communication takes place using several ports. These ports are required by both client computers and Domain Controllers. As an example, when a client computer tries to find a domain controller it always sends a DNS Query over Port 53 to find the name of the domain controller in the domain.

The following is the list of services and their ports used for Active Directory communication:

  • UDP Port 88 for Kerberos authentication
  • UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.
  • TCP Port 139 and UDP 138 for File Replication Service between domain controllers.
  • UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
  • TCP and UDP Port 445 for File Replication Service
  • TCP and UDP Port 464 for Kerberos Password Change
  • TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
  • TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.

Opening above ports in Firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.

 

The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP, and was awarded Microsoft MVP in Directory Services. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles for various online communities. Nirmal can also be found contributing to PowerShell based Dynamic Packs for ADHealthProf.ITDynamicPacks.Net solutions.

Latest Contributions

Featured Links