Required Network Ports for Active Directory

Required Ports

Port No.

Protocol

Used by

Required for

1024-5000

TCP/UDP

RPC (dynamic response ports)

required for RPC to respond to communications

135

TCP

RPC (endpoint mapper) 

required to open the endpoint mapper to the destination for RPC communications

389

TCP/UDP

LDAP

required to bind to a DC

3268

TCP

LDAP GC 

required to bind to the GC function of a domain controller (extremely important for Exchange)

53

TCP/UDP

DNS

required for name resolution and Active Directory functionality as a whole

88

TCP/UDP

Kerberos

self explanatory

445

TCP

SMB

self explanatory

123

UDP

SNTP

required for time synchronization with a time source

ICMP

required for group policy detection, application, and MTU size detection, as well as other low level activities

Optional Ports

Port No.

Protocol

Used by

Required for

636

TCP

LDAP SSL 

required to bind to a DC using LDAP over SSL

3269

TCP

LDAP GC SSL 

required to bind to a GC using LDAP over SSL

137

UDP

NetBIOS name 

self explanatory

138

UDP

NetBIOS Netlogon and Browsing 

self explanatory

139

TCP

NetBIOS session 

self explanatory

42

TCP

WINS replication 

self explanatory

1723

TCP

PPTP

required if using PPTP VPN tunnel