What firewall ports need to be open for Active Directory?
10,742
According to this blog post from an MVP.
- TCP 135 : MS-RPC
- TCP 1025 & 1026 : AD Login & replication
- TCP 389 : LDAP
- TCP & UDP 53 : DNS
- TCP 445 : SMB , Microsoft-ds
- TCP 139 : SMB
- UDP 137 & 138 : NetBIOS related
- UDP 88 : Kerberos v5
Related videos on Youtube
14 : 43
Group Policies - Configuring Firewall ports
01 : 55
Ports required for active Directory replication (Between Domain Controllers)
22 : 42
#Active Directory User Group assign with Sophos Firewall Rule
12 : 41
Open port on firewall to allow join domain
01 : 27
DevOps & SysAdmins: What firewall ports need to be open for Active Directory?
Comments
-
Piers Karsenbarg over 1 year
I want to run DFS replication between a couple of servers. It's my understanding that the servers need to be part of a domain for this. Being able to give people a username and password that works on all servers would be useful too, so I can lock up the admin password.
All machines will be running Windows 2008R2 and they will all be running Windows Firewall, so I need to be able to allow the other machines to connect to this server, but lock out everyone else.
So my question is: what ports do I need to allow the machines to connect to the Domain Controller over?
-
ravi yarlagadda over 12 yearsI would contest the 1025 and 1026 - they were probably used as ephemeral ports in that poster's testing, but that's not a relevant listening service. And you'll want TCP/88 for Kerberos as well.
