Active Directory domain controller to client required ports

Yasar mistry 251 Reputation points
2021-02-11T07:03:01.957+00:00

Dear Support,

I am planning to restrict firewall ports between the domain controller/Active Directory and clients, and vice versa, for a Server 2016 domain environment.

So please advise which ports I need to open between the client and the AD domain, and vice versa.

Thanks

Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
Active Directory
A set of directory-based technologies included in Windows Server.

Accepted answer
  1. SUNOJ KUMAR YELURU 13,921 Reputation points MVP
    2021-02-11T08:03:31.157+00:00

    Hi @Yasar mistry
    The services below and their ports are used for Active Directory communication:

    1. UDP and TCP Port 135 for domain controller-to-domain controller and client-to-domain controller operations.
    2. UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
    3. TCP and UDP Port 464 for Kerberos Password Change
    4. TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.
    5. UDP Port 88 for Kerberos authentication
    6. TCP Port 139 and UDP 138 for File Replication Service between domain controllers.
    7. TCP and UDP Port 445 for File Replication Service
    8. TCP Port 3268 and 3269 for Global Catalog from client to domain controller.

    Opening the above ports in the firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.

    If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.

    1 person found this answer helpful.
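
The port list from the accepted answer, expressed as inbound Windows Firewall rules on the domain controller scoped to one client subnet, plus a TCP reachability check to run from a client. This is an added example, not code from the thread or from Microsoft; the subnet, rule-name prefix and DC host name are placeholder assumptions, and the ports are exactly those listed in the answer.

```powershell
# Added example. Ports are transcribed from the accepted answer in this thread.
$ClientSubnet = '10.0.10.0/24'   # assumption: replace with your client network
$RulePrefix   = 'AD-Client'      # assumption: hypothetical rule name prefix

$AdPorts = @(
    [pscustomobject]@{ Service = 'DC-client operations';     Protocol = 'TCP'; Ports = 135 }
    [pscustomobject]@{ Service = 'DC-client operations';     Protocol = 'UDP'; Ports = 135 }
    [pscustomobject]@{ Service = 'LDAP';                     Protocol = 'UDP'; Ports = 389 }
    [pscustomobject]@{ Service = 'Kerberos password change'; Protocol = 'TCP'; Ports = 464 }
    [pscustomobject]@{ Service = 'Kerberos password change'; Protocol = 'UDP'; Ports = 464 }
    [pscustomobject]@{ Service = 'DNS';                      Protocol = 'TCP'; Ports = 53 }
    [pscustomobject]@{ Service = 'DNS';                      Protocol = 'UDP'; Ports = 53 }
    [pscustomobject]@{ Service = 'Kerberos';                 Protocol = 'UDP'; Ports = 88 }
    [pscustomobject]@{ Service = 'File Replication Service'; Protocol = 'TCP'; Ports = 139, 445 }
    [pscustomobject]@{ Service = 'File Replication Service'; Protocol = 'UDP'; Ports = 138, 445 }
    [pscustomobject]@{ Service = 'Global Catalog';           Protocol = 'TCP'; Ports = 3268, 3269 }
)

# Run on the domain controller: one inbound allow rule per service/protocol,
# limited to the client subnet and the Domain firewall profile.
function New-AdClientRule {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$RemoteAddress)
    foreach ($entry in $AdPorts) {
        $name = '{0} {1} {2}' -f $RulePrefix, $entry.Service, $entry.Protocol
        if ($PSCmdlet.ShouldProcess($name, 'Create inbound allow rule')) {
            New-NetFirewallRule -DisplayName $name -Group $RulePrefix `
                -Direction Inbound -Action Allow -Profile Domain `
                -Protocol $entry.Protocol -LocalPort $entry.Ports `
                -RemoteAddress $RemoteAddress
        }
    }
}

# Run on a client: Test-NetConnection only performs a TCP connect,
# so the UDP entries are skipped here.
function Test-AdTcpPort {
    param([Parameter(Mandatory)][string]$DomainController)
    foreach ($entry in ($AdPorts | Where-Object Protocol -eq 'TCP')) {
        foreach ($port in $entry.Ports) {
            $r = Test-NetConnection -ComputerName $DomainController -Port $port `
                -WarningAction SilentlyContinue
            [pscustomobject]@{ Service = $entry.Service; Port = $port
                               Reachable = $r.TcpTestSucceeded }
        }
    }
}
# Preview on the DC:  New-AdClientRule -RemoteAddress $ClientSubnet -WhatIf
# Check from client:  Test-AdTcpPort -DomainController 'dc01.example.test'
```

Because every rule shares the `$RulePrefix` group, `Get-NetFirewallRule -Group 'AD-Client'` lists them for review and `Remove-NetFirewallRule -Group 'AD-Client'` rolls them back.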

2 additional answers

  1. Hannah Xiong 6,231 Reputation points
    2021-02-12T02:53:05.9+00:00

    Hello,

    Thank you so much for posting here.

    Hope the provided information is helpful. For more detailed information, we could refer to:

    How to configure a firewall for Active Directory domains and trusts
    https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

    Best regards,
    Hannah Xiong

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. abhilash n b 1 Reputation point
    2021-10-06T14:52:07.797+00:00

    Hi HannahXiong-MSFT,

    I have a query.

    I am using a domain controller (DC), and 10 physical client machines are added to this DC. If I enable or disable firewall ports on the domain controller, will these changes be automatically reflected on the client machines, or do we need to enable the same ports on all 10 nodes? If not, how do we do this procedure? Could you please explain?

    Regards,
    Abhilash NB
