| Port | Type of traffic |
| --- | --- |
| TCP and UDP 389 | LDAP |
| TCP 636 | LDAP SSL |
| TCP 3268 | GC |
| TCP and UDP 88 | Kerberos |
| TCP and UDP 53 | DNS |
| TCP and UDP 445 | SMB over IP |
| TCP 25 | SMTP |
| TCP 135, Dynamic | RPC, EPM |
Note
Replication of SYSVOL requires File Replication Service (FRS) or Distributed File System (DFS) Replication over a dynamic
RPC port. If you want to configure FRS or DFS Replication to use a particular port, see article 832017 in the Microsoft Knowledge
Base (http://go.microsoft.com/fwlink/?LinkID=22498).
Trusts
The following tables list the port requirements for establishing trusts in the following environments:
Microsoft Windows NT
Windows NT
The following table lists the port assignments for establishing a trust with a Windows NT 4.0 domain. In this environment, one side of the trust is
a Windows NT 4.0 trust or the trust was created by using the NetBIOS names.
| Client port | Server port | Type of traffic |
| --- | --- | --- |
| UDP 137 | UDP 137 | |
| UDP 138 | UDP 138 | |
| TCP Dynamic | TCP 139 | |
For a mixed-mode domain that uses either Windows NT domain controllers or early-version client computers, trust relationships between
Windows 2000 Server-based domain controllers and Windows Server 2003-based domain controllers may necessitate that all the ports for
Windows NT that are listed in the previous table be opened, in addition to the ports in the following table.
Note
The two domain controllers are both in the same forest, or the two domain controllers are both in a separate forest apart from one another. Also,
the trusts in the forest are Windows Server 2003 trusts or Windows Server 2008 trusts.
| Client port | Server port | Type of traffic |
| --- | --- | --- |
| TCP Dynamic | TCP 135 | RPC, EPM |
| TCP Dynamic | TCP Dynamic | |
| | TCP 389 | LDAP |
| TCP Dynamic | TCP 636 | LDAP SSL |
| TCP Dynamic | TCP 3268 | GC |
| TCP Dynamic | TCP 3269 | GC SSL |
| | | DNS |
| | TCP and UDP 88 | Kerberos |
| | TCP 445 | |
Note
To define RPC server ports that the LSA RPC services use, see article 832017 in the Microsoft Knowledge
Base (http://go.microsoft.com/fwlink/?LinkID=22498).
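| Client port | Server port | Type of traffic |
| --- | --- | --- |
| TCP Dynamic | | RPC, EPM |
| | | LDAP |
| TCP Dynamic | TCP 636 | LDAP SSL |
| TCP Dynamic | TCP 3268 | GC |
| TCP Dynamic | TCP 3269 | GC SSL |
| | | DNS |
| | | Kerberos |
| TCP Dynamic | | |
| | UDP 138 | |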
Global catalog
The following table lists the ports that global catalog servers use.
| Port | Type of traffic |
| --- | --- |
| TCP 3268 | GC |
| TCP 3269 | GC SSL |
| Port | Type of traffic |
| --- | --- |
| TCP 135 | RPC, EPM |
| | FRsRpc |
| TCP 389 | LDAP |
Note
For more information about configuring file replication through a specific static port, see article 319553 in the Microsoft Knowledge Base
(http://go.microsoft.com/fwlink/?LinkId=149419).
The following table lists the ports that you must open on the firewall to allow communication from an RODC in a perimeter network to a
writeable domain controller in a corporate network.
| Port | Type of traffic |
| --- | --- |
| TCP 57344 | |
| | FRsRpc |
| | LDAP |
| TCP 3268 | GC |
| TCP 445 | |
| | DNS |
| TCP 88 | Kerberos |
| UDP 123 | |
Note
For more information about configuring Active Directory replication through a specific port, see article 224196 in the Microsoft Knowledge
Base (http://go.microsoft.com/fwlink/?LinkID=133489).
The following table lists the ports that you must open on the firewall to allow communication between the member servers in a perimeter network
and an RODC in the perimeter network. You must open these ports only if there is an internal firewall that separates the member servers in the
perimeter network from the RODC in the perimeter network.
| Port | Type of traffic |
| --- | --- |
| TCP 135 | RPC, EPM |
| | LDAP |
| TCP 445 | |
| UDP 53 | DNS |
| TCP 88 | Kerberos |
| TCP Dynamic | |
Note
If you are using Windows Server 2003 in the perimeter network, you must also open UDP port 88 for Kerberos communication. In contrast, by
default Windows Server 2008 uses only TCP port 88 for Kerberos communication.
DNS
The following table lists the port requirements for Domain Name System (DNS).
| Port | Type of traffic |
| --- | --- |
| | DNS |
DHCP
The following table lists the port requirements for Dynamic Host Configuration Protocol (DHCP).
| Port | Type of traffic |
| --- | --- |
| UDP 67 | DHCP |
| UDP 2535 | MADCAP |
| Port | Type of traffic |
| --- | --- |
| | WINS Replication |
| UDP 137 | |
| Port | Type of traffic |
| --- | --- |
| UDP 389 | LDAP |
| TCP Dynamic | RPC |
Note
For information about how to restrict RPC traffic to a specific port, see article 224196 in the Microsoft Knowledge Base
(http://go.microsoft.com/fwlink/?LinkID=133489).
Group Policy
The following table lists the port requirements for Group Policy. In addition to the ports in the following table, a client computer must also be
able to contact a domain controller over Internet Control Message Protocol (ICMP). ICMP is used for slow link detection.
| Port | Type of traffic |
| --- | --- |
| TCP 389 | LDAP |
| TCP 445 | SMB |
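
The following Python code is an added example, not part of the original document. It audits a firewall allow-list against the Group Policy requirements above (TCP 389, TCP 445 and ICMP), reporting required traffic that is blocked and rules that open more than this table calls for. The rule syntax, `SAMPLE_RULES` and the function names are constructed for illustration.

```python
# Added example, not from the original page. The rule syntax is a constructed format:
#   allow <tcp|udp> <port|lo-hi>    or    allow icmp
REQUIRED = {  # Group Policy table above, plus ICMP for slow link detection
    ("tcp", 389): "LDAP",
    ("tcp", 445): "SMB",
    ("icmp", None): "ICMP",
}

def parse_rules(text):
    """Parse allow rules into (proto, lo, hi) tuples; ICMP rules carry no ports."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].lower().split()
        if not fields:
            continue  # blank line or comment only
        if fields == ["allow", "icmp"]:
            rules.append(("icmp", None, None))
        elif len(fields) == 3 and fields[0] == "allow" and fields[1] in ("tcp", "udp"):
            lo, _, hi = fields[2].partition("-")
            rules.append((fields[1], int(lo), int(hi or lo)))
        else:
            raise ValueError(f"unsupported rule: {raw!r}")
    return rules

def audit(text):
    """Return (missing, excess) for a rule set checked against REQUIRED."""
    rules = parse_rules(text)
    missing = [
        name for (proto, port), name in REQUIRED.items()
        if not any(p == proto and (port is None or lo <= port <= hi)
                   for p, lo, hi in rules)
    ]
    excess = []
    for proto, lo, hi in rules:
        if proto == "icmp":
            continue
        needed = [port for (p, port) in REQUIRED if p == proto and lo <= port <= hi]
        if hi - lo + 1 > len(needed):  # rule opens ports this table does not call for
            excess.append(f"{proto} {lo}" if lo == hi else f"{proto} {lo}-{hi}")
    return missing, excess

SAMPLE_RULES = """
allow tcp 389        # LDAP
allow tcp 440-450    # reaches SMB on 445 but opens ten other ports too
"""  # constructed sample input

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    print("missing:", missing)
    print("broader than required:", excess)
```

The audit is scoped to the Group Policy table only; rules needed for other services on this page would have to be added to `REQUIRED` before they stop being reported as excess.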
| Port | Type of traffic |
| --- | --- |
| TCP 9389 | SOAP |