Active Directory domain controller ports. What ports need to be opened for communication between domain members and domain controllers? Are there other ports besides LDAP 389, 139, 445, and DNS21?
A: From your description, I understand the question to be about the ports that must be opened for communication between the DC and the domain members. Below is the list of ports to be opened; "client" refers to a domain member.
Client port             Server port       Service
1024-65535/TCP          135/TCP           RPC *
1024-65535/TCP/UDP      389/TCP/UDP       LDAP
1024-65535/TCP          636/TCP           LDAP SSL
1024-65535/TCP          3268/TCP          LDAP GC
1024-65535/TCP          3269/TCP          LDAP GC SSL
1024-65535/TCP/UDP      53/TCP/UDP        DNS
1024-65535/TCP/UDP      88/TCP/UDP        Kerberos
1024-65535/TCP          445/TCP           SMB
If you do not use SSL, the corresponding SSL ports do not need to be opened.
In addition, Microsoft does not recommend that domain controllers open these ports to the internet, as this may lead to domain instability or security problems. If you do need to remotely renew the domain, we recommend using a VPN to dial into the intranet for verification.
Paolo Lin, Microsoft Global Technical Support Center
For more information about domain controller ports, see:
Branch domain controller port settings
Domain Controller Port
Communication port between the primary domain controller and the secondary Domain Controller
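As an added example (not part of the original answer), the port matrix above turned into a small audit routine: it reads constructed firewall flow records for traffic towards a DC and flags anything the matrix does not permit, including the "SSL ports stay closed when SSL is not used" rule and the 1024-65535 client source port range. The log format and IP addresses are assumptions made up for the example.

```python
# Ephemeral client source port range from the matrix above.
EPHEMERAL = range(1024, 65536)

# (server port, allowed protocols, service, only needed when SSL is in use)
# 135/TCP is only the RPC endpoint mapper; the real RPC call then lands on a
# dynamic high port, which is what the asterisk in the matrix alludes to.
DC_SERVICES = [
    (135, {"tcp"}, "rpc", False),
    (389, {"tcp", "udp"}, "ldap", False),
    (636, {"tcp"}, "ldap ssl", True),
    (3268, {"tcp"}, "ldap gc", False),
    (3269, {"tcp"}, "ldap gc ssl", True),
    (53, {"tcp", "udp"}, "dns", False),
    (88, {"tcp", "udp"}, "kerberos", False),
    (445, {"tcp"}, "smb", False),
]

def classify_flow(proto, src_port, dst_port, ssl_enabled=True):
    """Return (allowed, reason) for one client -> DC flow."""
    proto = proto.lower()
    if src_port not in EPHEMERAL:
        return False, "source port outside 1024-65535"
    for port, protos, service, needs_ssl in DC_SERVICES:
        if dst_port == port and proto in protos:
            if needs_ssl and not ssl_enabled:
                return False, f"{service} port stays closed when SSL is not used"
            return True, service
    return False, "not a listed DC service port"

# Constructed sample flow log (assumed format: "proto src_ip:port dst_ip:port").
SAMPLE_LOG = """\
tcp 10.0.1.25:50123 10.0.0.10:389
udp 10.0.1.25:50124 10.0.0.10:53
tcp 10.0.1.25:50125 10.0.0.10:636
tcp 10.0.1.25:50126 10.0.0.10:3389
udp 10.0.1.25:80 10.0.0.10:88
"""

def audit_log(log_text, ssl_enabled=True):
    """Parse the flow lines and return those the matrix does not permit."""
    violations = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        proto, src, dst = line.split()
        src_port = int(src.rsplit(":", 1)[1])
        dst_port = int(dst.rsplit(":", 1)[1])
        ok, reason = classify_flow(proto, src_port, dst_port, ssl_enabled)
        if not ok:
            violations.append((line, reason))
    return violations

if __name__ == "__main__":
    for line, reason in audit_log(SAMPLE_LOG, ssl_enabled=False):
        print(f"FLAG {line} -> {reason}")
```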
The active directory can be CIDR blocks.
--- Gnaw0725
This article is from the "Active Directory SEO" blog