Firewall Ports Required to Join AD Domain - (2024)

FAQs

What port does firewall use to join domain? ›

Port 135 (TCP) for inbound RPC endpoint mapper connections to enable the computer to join the Active Directory domain. Port 49152-65535 (TCP) for inbound RPC endpoint connections (“TCP Dynamic”) to enable the computer to join the Active Directory domain.

Also Below are the commonly required ports to communicate with DCs. UDP Port 88 for Kerberos authentication UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations. TCP Port 139 and UDP 138 for File Replication Service between domain controllers.

The following ports are required for basic AD communication: TCP/UDP port 53: DNS. TCP/UDP port 88: Kerberos authentication. TCP/UDP port 135: RPC.

Quick Definition: LDAP port 389 is the default port for unencrypted LDAP communication, typically used for directory-related data exchange. In contrast, LDAP port 636 is the encrypted counterpart, ensuring secure transmission of data related to network accounts.

DNS zone transfers use TCP port 53. DNS queries use UDP port 53.

Active Directory makes use of other security and networking protocols including LDAP (Lightweight Directory Access Protocol), DNS (Domain Name System), and Microsoft's version of the Kerberos authentication protocol.

What is Port 445 Used For? You use port 445 to share the resources of devices on a network using SMB, which is also a critical component of Microsoft Active Directory (AD).

At a minimum, you need a 1.4 GHz, 64-bit CPU that supports Second Level Address Translation, 512 MB of RAM -- or 2 GB of RAM when using Desktop Experience -- and 32 GB of disk space. For better performance, especially with larger domains, consider a faster CPU and 4 GB of RAM.

What is port 445 used for on domain controller? ›

What is the use of port 445? Port 445 is a Microsoft networking port which is also linked to the NetBIOS service present in earlier versions of Microsoft Operating Systems. It runs Server Message Block (SMB), which allows systems of the same network to share files and printers over TCP/IP.

Do domain controllers use LDAP? Yes, DCs support LDAP (Lightweight Directory Access Protocol). LDAP is a protocol for accessing server resources over an internet or intranet.

Note: The default LDAP port number is 389. If you are using SSL, the default LDAP port number is 636.

The standard port for LDAP communication is 389, although other ports can be used. For example, if you must be able to start the server as a regular user, use an unprivileged port, by default 1389. Port numbers less than 1024 require privileged access.

Port 3268. This port is used for queries specifically targeted for the global catalog. LDAP requests sent to port 3268 can be used to search for objects in the entire forest. However, only the attributes marked for replication to the global catalog can be returned.

When you add "443" at the end of a URL, you are specifying the port number for a secure web connection. Port 443 is the default port for secure HTTP (HTTPS) traffic. Here's what it means: HTTP (Hypertext Transfer Protocol): The standard protocol for transferring data over the World Wide Web is known as HTTP.

The fact you're seeing this service and port suggests you may be scanning a Domain Controller, for which both UDP & TCP ports 464 are used by the Kerberos Password Change. This port in particular is used for changing/setting passwords against Active Directory.