Active Directory Port Requirements
A few days ago we posted a document to TechNet that outlines some of the port requirements for Active Directory. We gathered the port information from various KB articles and consolidated it into one document. I think it should serve as a great reference guide for those of you configuring Active Directory communication through internal and external firewalls. It details ports used by trusts, replication, global catalog, DNS, DHCP, etc. It also outlines the new default dynamic port range, 49152-65535, for Windows Server 2008 and Windows Vista, with pointers to why the range was increased from previous versions of our operating systems.
Active Directory and Active Directory Domain Services Port Requirements (https://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx)
As always, if you have any suggestions for improvement please leave us feedback.
This posting is provided "AS IS" with no warranties, and confers no rights.
Comments
Anonymous
January 01, 2003
Hi Chris, This looks like a better reference for port requirements for specific operations related to trusts: technet.microsoft.com/.../cc773178(v=WS.10).aspx I think some of the other trust-related ports listed at technet.microsoft.com/.../dd772723(WS.10).aspx pertain to communication over internal trusts within a forest (except for where it explicitly cites forest trust). I can try to clarify that. Thanks, Justin [MSFT]
Anonymous
January 01, 2003
Thanks, this is what I needed :-)
Anonymous
January 05, 2011
Thanks for the info
Anonymous
July 14, 2011
This article is a great one. It describes all clearly. I really liked it. It’s very helpful. I was looking for such articles. I have read an article here "www.techyv.com/.../all-ports-used-active-directory" which is almost like this.
Anonymous
September 12, 2013
We are trying to identify what ports are required for trust between 2 separate forests. I would think that the ports required would be much less than communication between DCs in the same forest. Can you please confirm if where you list Trusts applies to Forest to Forest communication? Thanks!
Anonymous
February 09, 2015
This information is incomplete because it does not describe the client device involved. The ports needed depend on whether it's a PC, a server (and type of server - Exchange may have different requirements), another DC, and type of DC.
I suggest you find an SME who understands TCP and UDP at a packet level, as well as AD and its implementation, and start a new document.