| Protocol and Port | AD and AD DS Usage | Type of traffic |
| --- | --- | --- |
| TCP and UDP 389 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP |
| TCP 636 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP SSL |
| TCP 3268 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC |
| TCP 3269 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC SSL |
| TCP and UDP 88 | User and Computer Authentication, Forest Level Trusts | Kerberos |
| TCP and UDP 53 | User and Computer Authentication, Name Resolution, Trusts | DNS |
| TCP and UDP 445 | Replication, User and Computer Authentication, Group Policy, Trusts | SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc |
| TCP 25 | Replication | SMTP |
| TCP 135 | Replication | RPC, EPM |
| TCP Dynamic | Replication, User and Computer Authentication, Group Policy, Trusts | RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS |
| TCP 5722 | File Replication | RPC, DFSR (SYSVOL) |
| UDP 123 | Windows Time, Trusts | Windows Time |
| TCP and UDP 464 | Replication, User and Computer Authentication, Trusts | Kerberos change/set password |
| UDP Dynamic | Group Policy | DCOM, RPC, EPM |
| UDP 138 | DFS, Group Policy | DFSN, NetLogon, NetBIOS Datagram Service |
| TCP 9389 | AD DS Web Services | SOAP |
| UDP 67 and UDP 2535 | Note: DHCP is not a core AD DS service but it is often present in many AD DS deployments. | DHCP, MADCAP |
| UDP 137 | User and Computer Authentication | NetLogon, NetBIOS Name Resolution |
| TCP 139 | User and Computer Authentication, Replication | DFSN, NetBIOS Session Service, NetLogon |