Ports used in Active Directory Replication

A customer the other day was looking to configure his Domain Controller in a remote Branch Office behind a firewall. The question was what ports are required for Active Directory Replication.

The answer is the following:

Port Assignments for Active Directory Replication

Service Name     UDP    TCP
LDAP             389    389
LDAP                    636
LDAP                    3268
Kerberos         88     88
DNS              53     53
SMB over IP      445    445
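One way to confirm the firewall actually passes the TCP ports in the table above is to probe them from the branch side. This is an added example, not part of the original post; the host name `hub-dc.example.com` is a placeholder, and it assumes it is run from a Windows machine that has the `Test-NetConnection` cmdlet.

```powershell
# Added example: probe the TCP ports from this page's table against a hub DC.
param(
    # Hypothetical host name; replace with the hub domain controller to test.
    [string]$HubDc = 'hub-dc.example.com'
)

# Port table exactly as listed on this page.
# Udp = $true marks rows that also need UDP allowed through the firewall.
$ports = @(
    [pscustomobject]@{ Service = 'LDAP';        Port = 389;  Udp = $true  }
    [pscustomobject]@{ Service = 'LDAP';        Port = 636;  Udp = $false }
    [pscustomobject]@{ Service = 'LDAP';        Port = 3268; Udp = $false }
    [pscustomobject]@{ Service = 'Kerberos';    Port = 88;   Udp = $true  }
    [pscustomobject]@{ Service = 'DNS';         Port = 53;   Udp = $true  }
    [pscustomobject]@{ Service = 'SMB over IP'; Port = 445;  Udp = $true  }
)

$results = foreach ($p in $ports) {
    # Test-NetConnection performs a TCP connect only; it cannot confirm UDP.
    $t = Test-NetConnection -ComputerName $HubDc -Port $p.Port `
                            -WarningAction SilentlyContinue
    [pscustomobject]@{
        Service        = $p.Service
        Port           = $p.Port
        TcpReachable   = $t.TcpTestSucceeded
        # UDP rows must be checked separately (firewall rule review or capture).
        UdpNeedsReview = $p.Udp
    }
}

$results | Format-Table -AutoSize

# Fail loudly so the script can be used in a deployment checklist.
$blocked = @($results | Where-Object { -not $_.TcpReachable })
if ($blocked.Count -gt 0) {
    $list = ($blocked | ForEach-Object { "$($_.Service)/$($_.Port)" }) -join ', '
    Write-Warning "TCP blocked between this host and ${HubDc}: $list"
    exit 1
}
```

A successful TCP connect shows only that the firewall passes that port and something is listening; the rows flagged `UdpNeedsReview` still have to be verified against the firewall rule set.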

If you are looking to deploy Windows 2003 in a Branch Office (Hub and Spoke) scenario, I thoroughly recommend downloading the Branch Office Deployment Guide. This is an excellent reference covering all aspects of Active Directory deployment. Chapter 3 is particularly good on the physical configuration of your Active Directory environment.