Active Directory Ports

Answers

  • Here is the information --> https://support.microsoft.com/en-us/kb/832017

    Also, this article is very good as well... http://blogs.msmvps.com/acefekay/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple/


    This posting is provided AS IS without warranty of any kind

    • Marked as answer by Shane Paluo Wednesday, June 29, 2016 7:14 AM
    Wednesday, June 29, 2016 2:46 AM
  • Hi,

    Thanks for your post.

    Based on my research, you should ensure that the following ports between clients and Active Directory Domain Controllers are open:

    REQUIRED

    88 - TCP/UDP (Kerberos traffic)

    389 - TCP (Kerberos LDAP - queries)

    389 - UDP (Kerberos LDAP - ping)

    464 - TCP (Kerberos - password changes)

    3268 - TCP (Global Catalog LDAP)

    OPTIONAL

    53 - TCP/UDP (DNS - used to receive DNS SRV records; not required if joining to specific Domain Controllers)

    123 - UDP (NTP - used to synchronize time between Active Directory and Authentication Services clients)

    Best Regards,

    Alvin Wang



    • Marked as answer by Shane Paluo Wednesday, June 29, 2016 7:14 AM
    Wednesday, June 29, 2016 3:00 AM
    Moderator
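
A reachability check for the TCP ports listed in the answer above, run from a client toward your own domain controller. It is an added example, not part of the original thread; the function names and the open/refused/filtered classification are assumptions of the example, and the UDP entries are not probed.

```python
import argparse
import socket
import sys

# TCP entries from the answer above. The UDP entries (88, 389, 53, 123) are
# left out: a bare UDP probe cannot tell "open" from "silently dropped".
REQUIRED_TCP = {88: "Kerberos", 389: "LDAP queries",
                464: "Kerberos password changes", 3268: "Global Catalog LDAP"}
OPTIONAL_TCP = {53: "DNS"}

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port: open, refused, filtered or unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed
    except ConnectionRefusedError:
        return "refused"           # RST: path is clear, nothing is listening
    except socket.gaierror:
        return "unresolved"        # host name did not resolve (check DNS first)
    except OSError:
        return "filtered"          # timeout or unreachable: likely a firewall drop

def check_dc(host, timeout=2.0, probe=probe_tcp):
    """Probe every listed TCP port; return {port: (label, required, state)}."""
    results = {}
    for ports, required in ((REQUIRED_TCP, True), (OPTIONAL_TCP, False)):
        for port, label in ports.items():
            results[port] = (label, required, probe(host, port, timeout))
    return results

def blocked_required(results):
    """Required ports that did not complete a handshake, in ascending order."""
    return sorted(p for p, (_, req, state) in results.items()
                  if req and state != "open")

def main(argv=None):
    parser = argparse.ArgumentParser(description="Check client-to-DC TCP ports")
    parser.add_argument("dc", help="domain controller name or IP (your own DC)")
    parser.add_argument("--timeout", type=float, default=2.0)
    args = parser.parse_args(argv)
    results = check_dc(args.dc, args.timeout)
    for port, (label, required, state) in sorted(results.items()):
        kind = "required" if required else "optional"
        print(f"{port:>5}/tcp  {kind:<8}  {state:<10}  {label}")
    return 1 if blocked_required(results) else 0

if __name__ == "__main__":
    sys.exit(main())
```

A "filtered" result on a required port points at a firewall rule between client and DC, while "refused" means the packet arrived but the service is not listening there.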
