| Protocol and Port | AD and AD DS Usage | Type of traffic |
|---|
|
TCP and UDP 389
|
Directory, Replication, User and Computer Authentication, Group Policy, Trusts
|
LDAP
|
|
TCP 636
|
Directory, Replication, User and Computer Authentication, Group Policy, Trusts
|
LDAP SSL
|
|
TCP 3268
|
Directory, Replication, User and Computer Authentication, Group Policy, Trusts
|
LDAP GC
|
|
TCP 3269
|
Directory, Replication, User and Computer Authentication, Group Policy, Trusts
|
LDAP GC SSL
|
|
TCP and UDP 88
|
User and Computer Authentication, Forest Level Trusts
|
Kerberos
|
|
TCP and UDP 53
|
User and Computer Authentication, Name Resolution, Trusts
|
DNS
|
|
TCP and UDP 445
|
Replication, User and Computer Authentication, Group Policy, Trusts
|
SMB,CIFS,SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc
|
|
TCP 25
|
Replication
|
SMTP
|
|
TCP 135
|
Replication
|
RPC, EPM
|
|
TCP Dynamic
|
Replication, User and Computer Authentication, Group Policy, Trusts
|
RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS
|
|
TCP 5722
|
File Replication
|
RPC, DFSR (SYSVOL)
|
|
UDP 123
|
Windows Time, Trusts
|
Windows Time
|
|
TCP and UDP 464
|
Replication, User and Computer Authentication, Trusts
|
Kerberos change/set password
|
|
UDP Dynamic
|
Group Policy
|
DCOM, RPC, EPM
|
|
UDP 138
|
DFS, Group Policy
|
DFSN, NetLogon, NetBIOS Datagram Service
|
|
TCP 9389
|
AD DS Web Services
|
SOAP
|
|
UDP 67 and UDP 2535
|
DHCP
 Note |
|---|
| DHCP is not a core AD DS service but it is often present in many AD DS deployments. |
|
DHCP, MADCAP
|
|
UDP 137
|
User and Computer Authentication,
|
NetLogon, NetBIOS Name Resolution
|
|
TCP 139
|
User and Computer Authentication, Replication
|
DFSN, NetBIOS Session Service, NetLogon
|
