- \n
- Ports Used When a User Logs into a Computer<\/li>\n\n\n\n
- Ports used when running gpupdate<\/li>\n\n\n\n
- Ports used when joining a computer to the domain<\/li>\n\n\n\n
- Ports Used When Rebooting<\/li>\n<\/ul>\n\n\n\n
Test Environment: <\/strong><\/p>\n\n\n\n
- \n
- Server 2022 with IP 192.168.100.10 (Active Directory Server)<\/li>\n\n\n\n
- Windows 10 Pro with IP 192.168.100.20<\/li>\n\n\n\n
- Wireshark is installed on the Active Directory server<\/li>\n\n\n\n
- The Active Directory server is a default install<\/li>\n<\/ul>\n\n\n\n
Active Directory Ports Summary<\/h2>\n\n\n\n
Here is a list of ports used by Active Directory by a default install. This is between the domain controller and a domain-joined computer. <\/p>\n\n\n\n
- \n
- TCP 135 Microsoft RPC<\/a><\/li>\n\n\n\n
- TCP\/UDP 49152 – 65535 RPC Dynamic Ports<\/a><\/li>\n\n\n\n
- TCP 88 Kerberos<\/a><\/li>\n\n\n\n
- TCP 389 LDAP<\/a><\/li>\n\n\n\n
- UDP 53 DNS<\/a><\/li>\n\n\n\n
- TCP 445 SMB<\/a><\/li>\n<\/ul>\n\n\n\n
TCP 135 Microsoft RPC Mapper<\/h3>\n\n\n\n
![\"TCP](\"https:\/\/activedirectorypro.com\/wp-content\/uploads\/2022\/08\/ad-ports-tcp-135-2.webp\")
<\/figure>\n\n\n\n- \n
- Description:<\/strong> Port 135 is a critical client\/server port. This port is used by many Microsoft services and should not be blocked by a firewall. First the client connects to the RPC mapper service (port 135) and asks the mapper what port a given service is listening on (which will be a dynamic port range… see below). The RPC mapper responds to the client with the port and then the client connects to that port. You can see this in the above screenshot. <\/li>\n\n\n\n
- Firewall:<\/strong> Allow between client and server. Port 135 should not be exposed to the internet. <\/li>\n<\/ul>\n\n\n\n
TCP\/UDP 49152 – 65535 RPC Dynamic Ports<\/h3>\n\n\n\n
![\"rpc](\"https:\/\/activedirectorypro.com\/wp-content\/uploads\/2022\/08\/ad-ports-dynamic-range.webp\")
<\/figure>\n\n\n\n- \n
- Description:<\/strong> The dynamic port range is used by various server applications. RPC dynamic port allocation instructs the RPC program to use a particular random port in the range configured for TCP and UDP, based on the implementation of the operating system used. The RPC mapper (port 135) is used to connect clients to services running on these dynamic ports. <\/li>\n\n\n\n
- Firewall: <\/strong>Allow between client and server. This port range should not be exposed to the internet. <\/li>\n<\/ul>\n\n\n\n
\n
we recommend that you reconfigure the firewalls to allow traffic between servers in the dynamic port range of 49152 through 65535. This range is in addition to well-known ports that are used by services and applications.<\/p>\nhttps:\/\/docs.microsoft.com\/en-US\/troubleshoot\/windows-server\/networking\/default-dynamic-port-range-tcpip-chang<\/cite><\/blockquote>\n\n\n\n
TCP 88 Kerberos<\/h3>\n\n\n\n
![\"tcp](\"https:\/\/activedirectorypro.com\/wp-content\/uploads\/2022\/08\/ad-ports-tcp-88.webp\")
<\/figure>\n\n\n\n- \n
- Description:<\/strong> Kerberos is an authentication protocol that authenticates requests between a client and server in a secure manner. This is Microsoft Window’s default authentication method for domain-joined devices. <\/li>\n\n\n\n
- Firewall: <\/strong>Allow between client and server. Port should not be exposed to the internet. <\/li>\n<\/ul>\n\n\n\n
TCP 389 LDAP<\/h3>\n\n\n\n
![\"tcp](\"https:\/\/activedirectorypro.com\/wp-content\/uploads\/2022\/08\/ad-ports-tcp-389.webp\")
<\/figure>\n\n\n\n- \n
- Description: <\/strong>LDAP is a directory access protocol. This protocol is used to search, add\/delete, authenticate and modify data in a Directory Server such as Active Directory. <\/li>\n\n\n\n
- Firewall:<\/strong> Allow between client and server. Port should not be exposed to the internet. <\/li>\n<\/ul>\n\n\n\n
UDP 53 DNS<\/h3>\n\n\n\n
![\"udp](\"https:\/\/activedirectorypro.com\/wp-content\/uploads\/2022\/08\/ad-ports-dns-53.webp\")
<\/figure>\n\n\n\n- \n
- Description: <\/strong>DNS is a critical service used to map IP addresses to host names. This is a critical service used by clients to locate resource records in the domain and lookup external domain names. <\/li>\n\n\n\n
- Firewall:<\/strong> Allow between client and server. If DNS is running on your Active Directory server I do not recommend exposing it to the internet. <\/li>\n<\/ul>\n\n\n\n
TCP 445 SMB<\/h3>\n\n\n\n
![\"tcp](\"https:\/\/activedirectorypro.com\/wp-content\/uploads\/2022\/08\/ad-ports-tcp-445.webp\")
<\/figure>\n\n\n\n- \n
- Description:<\/strong> Server message blocks (SMB protocol) is a client-to-server communication protocol used for accessing files, printers, and data on a network. This port is used during startup to get GPO information, it is also used when running the gpupdate<\/a> command. <\/li>\n\n\n\n
- Firewall:<\/strong> Allow between client and server. Do not expose this port to the internet. <\/li>\n<\/ul>\n\n\n\n
Ports Used When a User Logs into a Domain-Joined Computer<\/h2>\n\n\n\n
In this example, I will log into computer PC1 (192.168.100.20) and capture the network packets from the domain controller. <\/p>\n\n\n\n
Here is a conversation view of the TCP\/UDP ports used. This is traffic sent from the client to the domain controller and destination ports. <\/p>\n\n\n\n
![\"ports](\"https:\/\/activedirectorypro.com\/wp-content\/uploads\/2022\/08\/ad-ports-login-1d.webp\")
<\/figure>\n\n\n\nHere is a summary of the destination ports used by the client. <\/p>\n\n\n\n
- \n
- TCP 88 (Kerberos)<\/li>\n\n\n\n
- TCP 135 (Microsoft RPC)<\/li>\n\n\n\n
- TCP 389 (LDAP)<\/li>\n\n\n\n
- TCP 445 (Microsoft DS)<\/li>\n\n\n\n
- TCP 49668 (RPC for LSA, SAM, NetLogon) – This starts with a request to port 135<\/li>\n\n\n\n
- UDP 53 (DNS)<\/li>\n\n\n\n
- UDP 389 (LDAP)<\/li>\n<\/ul>\n\n\n\n
Ports Used When Running Gpupdate<\/h2>\n\n\n\n
While logged into the client PC I will run the gpupdate<\/a> command to see what ports are used. <\/p>\n\n\n\n
Results below. It Looks like TCP port 445 is used the most when running a gpupdate. <\/p>\n\n\n\n
![\"ports](\"https:\/\/activedirectorypro.com\/wp-content\/uploads\/2022\/08\/ad-ports-gpo-1.webp\")
<\/figure>\n\n\n\nPorts Used When Joining a Computer to The Domain<\/h2>\n\n\n\n
This looked similar to the other packet captures. <\/p>\n\n\n\n
TCP 88 (Kerberos)
TCP 135 (Microsoft RPC)
TCP 389 (LDAP)
TCP 445 (Microsoft DS)
TCP 49668 (RPC for LSA, SAM, NetLogon) – This starts with a request to port 135
UDP 53 (DNS)<\/p>\n\n\n\nPorts Used When Rebooting<\/h2>\n\n\n\n
Nothing new, I see the same ports used when compared to the other packet captures. <\/p>\n\n\n\n
Hopefully, this guide helps you to understand the ports used between a client and an Active Directory server. Keep in mind this test was a default domain controller install with no additional services running, the more services you install the more ports that may be used. <\/p>\n\n\n\n
Resources: <\/h2>\n\n\n\n
- \n
- Service overview and network port requirements for Windows<\/a><\/li>\n\n\n\n
- Service Name and Transport Protocol Number Registry<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
In this post, I will explore the TCP and UDP ports used by Active Directory from client to server. I will use WireShark and a series of tests to determine what ports are used. Tests I’ll be running: Test Environment: Active Directory Ports Summary Here is a list of ports used by Active Directory by … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":30369,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1835],"tags":[],"_links":{"self":[{"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/posts\/30311"}],"collection":[{"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/comments?post=30311"}],"version-history":[{"count":3,"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/posts\/30311\/revisions"}],"predecessor-version":[{"id":37501,"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/posts\/30311\/revisions\/37501"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/media\/30369"}],"wp:attachment":[{"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/media?parent=30311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/categories?post=30311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/activedirectorypro.com\/wp-json\/wp\/v2\/tags?post=30311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Service Name and Transport Protocol Number Registry<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
- Service overview and network port requirements for Windows<\/a><\/li>\n\n\n\n
- Firewall:<\/strong> Allow between client and server. Do not expose this port to the internet. <\/li>\n<\/ul>\n\n\n\n
- Firewall:<\/strong> Allow between client and server. If DNS is running on your Active Directory server I do not recommend exposing it to the internet. <\/li>\n<\/ul>\n\n\n\n
- Firewall:<\/strong> Allow between client and server. Port should not be exposed to the internet. <\/li>\n<\/ul>\n\n\n\n
- Firewall: <\/strong>Allow between client and server. Port should not be exposed to the internet. <\/li>\n<\/ul>\n\n\n\n
- Firewall: <\/strong>Allow between client and server. This port range should not be exposed to the internet. <\/li>\n<\/ul>\n\n\n\n
- Firewall:<\/strong> Allow between client and server. Port 135 should not be exposed to the internet. <\/li>\n<\/ul>\n\n\n\n
- TCP\/UDP 49152 – 65535 RPC Dynamic Ports<\/a><\/li>\n\n\n\n
- TCP 135 Microsoft RPC<\/a><\/li>\n\n\n\n