Yasarmistry-3565 asked abhilashnb-0506 published

Active Directory domain controller to client required ports

Dear Support,

I am planning to restrict firewall ports between the domain controller/Active Directory and clients, and vice versa, for a Server 2016 domain environment.

So please advise which ports I need to open between the client and the AD domain, and vice versa.

Thanks

windows-active-directory, windows-server-2016

To follow up, please let us know if you have any further queries on this.
Please don’t forget to accept the answer.

learn2skills answered learn2skills published

Hi @Yasarmistry-3565
The services below and their ports are used for Active Directory communication:

  1. UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.

  2. UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.

  3. TCP and UDP Port 464 for Kerberos Password Change

  4. TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.

  5. UDP Port 88 for Kerberos authentication

  6. TCP Port 139 and UDP 138 for File Replication Service between domain controllers.

  7. TCP and UDP Port 445 for File Replication Service

  8. TCP Port 3268 and 3269 for Global Catalog from client to domain controller.

Opening the above ports in the firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.


If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.
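One way to confirm, from a client, that a tightened firewall still lets the TCP services in the list above reach the domain controller. This is an added example, not part of the original answers; the host name `dc01.example.test` and the timeout are placeholders, and the last two entries (TCP 389 and TCP 88) are an assumption added here because LDAP and Kerberos are also carried over TCP.

```powershell
# Added example: run on a domain-joined client after changing firewall rules.
$DomainController = 'dc01.example.test'   # placeholder, replace with your DC name or IP
$TimeoutMs        = 2000                  # assumed per-port connect timeout

# TCP ports from the list in the answer above.
$checks = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 139;  Service = 'NetBIOS session' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 3268; Service = 'Global Catalog' }
    @{ Port = 3269; Service = 'Global Catalog (SSL)' }
    # Assumption, not in the answer's list: LDAP and Kerberos over TCP.
    @{ Port = 389;  Service = 'LDAP (TCP)' }
    @{ Port = 88;   Service = 'Kerberos (TCP)' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # Wait() returns $false on timeout (typical of a silent firewall drop);
        # a refused connection or DNS failure throws and is reported as unreachable.
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($c in $checks) {
    [pscustomobject]@{
        Port      = $c.Port
        Service   = $c.Service
        Reachable = Test-TcpPort -HostName $DomainController -Port $c.Port -TimeoutMs $TimeoutMs
    }
}

$results | Sort-Object Port | Format-Table -AutoSize

# Non-zero exit code when any port is blocked, so the check can be scripted.
if ($results.Reachable -contains $false) { exit 1 }
```

A TCP connect cannot confirm the UDP entries in the list; check those with a functional test such as `nltest /dsgetdc:<domain>` or an actual logon. Compare the final rule set against the Microsoft article linked later in this thread before blocking everything else.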


HannahXiong-MSFT answered

Hello,

Thank you so much for posting here.

Hope the provided information is helpful. For more detailed information, we could refer to:

How to configure a firewall for Active Directory domains and trusts
https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts


Best regards,
Hannah Xiong

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


abhilashnb-0506 answered abhilashnb-0506 published

Hi HannahXiong-MSFT,

I have a query.

I am using a domain controller (DC), and 10 physical client machines are added to this DC. If I enable or disable firewall ports on the domain controller, will these changes be automatically reflected on the client machines, or do we need to enable the same ports on all 10 nodes? If not, how do we do this procedure? Could you please explain?

Regards,
Abhilash NB
