Why does AD use UDP 445? - for which communication?

Answers

  • On 20.10.2016 at 11:33, Sai Krishna Nagisetti wrote:
    > Why does AD use UDP 445 ? - for which communication ?
     
     
    Replication, User and Computer Authentication, Group Policy, Trusts:
    SMB,CIFS,SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - German
     
    Thursday, October 20, 2016 12:56 PM
  • Hi,

    Thanks for your post.

    The following is the list of services and their ports used for Active Directory communication: 
    • UDP Port 88 for Kerberos authentication
    • UDP and TCP Port 135 for domain controller-to-domain controller and client-to-domain controller operations.
    • TCP Port 139 and UDP 138 for File Replication Service between domain controllers.
    • UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
    • TCP and UDP Port 445 for File Replication Service
    • TCP and UDP Port 464 for Kerberos Password Change
    • TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
    • TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, October 21, 2016 5:41 AM
    Moderator

All replies

  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang



    Monday, October 24, 2016 5:28 AM
    Moderator
  • I'd like to know the answer to this as well. I get a lot of requests (I'm a network guy) to open random firewall ports that frankly don't make sense. TCP/445 is for SMB but honestly I don't think I've ever once seen rules used by (for example) TCP/53 or UDP/445 ever once get hit.

    <rant>Really there's a lot of crummy documentation that suggests a myriad of ports need to be opened to facilitate AD between campuses, but after I punch more holes in my firewalls than you find in your average slab of Swiss cheese it turns out only three or four rules are actually used and the rest suggest a profound non-understanding of the nature of transport vs. network protocols and stateful firewalls, that have only been around since... god I'm old, the past 23 years!</rant>.

    Anyway I'm going back to Google to see if anyone can tell me what UDP/445 is for.


    Thursday, August 31, 2017 7:06 PM
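
Added example, not part of any post in this thread: one way to check which of the requested AD firewall rules are ever hit is to count allowed connections per protocol and destination port in a firewall log and compare them with the port list from the reply above. It assumes a log in the Windows Firewall `pfirewall.log` layout; the sample lines and addresses are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Protocol/port pairs transcribed from the port list in the reply above.
REQUESTED = {
    ("UDP", 88), ("TCP", 135), ("UDP", 135), ("TCP", 139), ("UDP", 138),
    ("UDP", 389), ("TCP", 445), ("UDP", 445), ("TCP", 464), ("UDP", 464),
    ("TCP", 3268), ("TCP", 3269), ("TCP", 53), ("UDP", 53),
}

# Constructed sample in the pfirewall.log layout (not data from the thread).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2017-08-31 19:00:01 ALLOW TCP 10.1.0.20 10.2.0.5 49712 445 0 - 0 0 0 - - - RECEIVE
2017-08-31 19:00:02 ALLOW TCP 10.1.0.20 10.2.0.5 49713 445 0 - 0 0 0 - - - RECEIVE
2017-08-31 19:00:03 ALLOW UDP 10.1.0.20 10.2.0.5 53211 53 0 - - - - - - - RECEIVE
2017-08-31 19:00:04 ALLOW UDP 10.1.0.20 10.2.0.5 53212 389 0 - - - - - - - RECEIVE
2017-08-31 19:00:05 ALLOW TCP 10.1.0.20 10.2.0.5 49714 135 0 - 0 0 0 - - - RECEIVE
2017-08-31 19:00:06 ALLOW TCP 10.1.0.20 10.2.0.5 49715 49155 0 - 0 0 0 - - - RECEIVE
2017-08-31 19:00:07 ALLOW ICMP 10.1.0.20 10.2.0.5 - - 0 - - - - 8 0 - RECEIVE
2017-08-31 19:00:08 DROP UDP 10.1.0.20 10.2.0.5 53213 445 0 - - - - - - - RECEIVE
"""

def count_hits(log_text, action="ALLOW"):
    """Count log rows per (protocol, dst-port), using the #Fields header for column names."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("action") != action or not row.get("dst-port", "").isdigit():
            continue  # skips other actions and ICMP rows, whose port columns are "-"
        hits[(row["protocol"], int(row["dst-port"]))] += 1
    return hits

def audit(log_text):
    """Return (used rules with hit counts, requested rules never hit, observed but unlisted)."""
    hits = count_hits(log_text)
    used = {rule: hits[rule] for rule in REQUESTED if hits[rule]}
    unused = sorted(REQUESTED - set(used))
    unlisted = sorted(k for k in hits if k not in REQUESTED)
    return used, unused, unlisted
```

Requested rules with no hits over a representative logging window are candidates for removal; allowed traffic to ports outside the list, like the high TCP port in the constructed sample, is returned separately so it can be reviewed rather than silently ignored.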