What firewall ports need to be open for Active Directory?
Firewall Ports required to join AD Domain (Minimum)
- TCP 88 (Kerberos Key Distribution Center)
- TCP 135 (Remote Procedure Call)
- TCP 139 (NetBIOS Session Service)
- TCP 389 (LDAP)
- TCP 445 (SMB,Net Logon)
- UDP 53 (DNS)
- UDP 389 (LDAP, DC Locator, Net Logon)
- TCP 49152-65535 (Randomly allocated high TCP ports)
What port is needed for AD authentication?
Authentication to AD LDAP: port 389 UDP.
What port must be opened for LDAP on a firewall?
LDAP uses port 389 and LDAP with SSL uses port 636.
How do I allow a domain through firewall?
To manage the whitelist in the Windows Firewall, click Start, type firewall and click Windows Firewall. Click Allow a program or feature through Windows Firewall (or, if you’re using Windows 10, click Allow an app or feature through Windows Firewall).
Is SMB required for Active Directory?
To access an (administrative) share, SMB is needed. Workstations and domain member servers need the workstation service (also SMB) to access the domain controller to run logon scripts etc.
How do I open Active Directory Domains and Trusts?
To start the Active Directory Domains and Trusts, open the administrative tools shortcut named Active Directory Domains And Trusts. You can also use the Active Directory Domains and Trusts to open Active Directory Users and Computers by right-clicking on a domain and then selecting Manage from the shortcut menu.
How does LDAP work with firewall?
To allow our external connections to your Active Directory we need to setup an LDAPS connection for your Windows Server Firewall. This LDAPS connection is established by uses port rule 636/TCP in your server firewall, preventing MITM (man in the middle) attacks.
How do I open Active Directory domains and Trusts?
What ports are free?
Ports 49152-65535– These are used by client programs and you are free to use these in client programs. When a Web browser connects to a web server the browser will allocate itself a port in this range. Also known as ephemeral ports.