Ports Used by Active Directory
I have listed some of the ports used by Active Directory and its related services below.
| Service Name | Port | TCP/UDP | Description |
|---|---|---|---|
| DNS | 53 | Both | Domain Name Service, which resolves IP addresses to common names and vice versa; TCP is also used for zone transfers (XFERs) and Linux lookups for SRV records |
| Kerberos Authentication | 88 | Both | Authentication protocol used for Windows-based clients on the domain |
| NTP | 123 | UDP | Network Time Protocol, used to sync the AD environment to the OpSource common infrastructure time |
| RPC Endpoint Mapper | 135 | TCP | Allows RPC clients to determine the port number currently assigned to a particular RPC service |
| NetBIOS Session | 139 | TCP | NetBIOS session service (SMB over NetBIOS); not typically needed but added for completeness in tandem with 445/TCP |
| LDAP | 389 | Both | Allows communication from client machines to Microsoft's version of LDAP |
| SMB over TCP/IP | 445 | TCP | Used for file shares, specifically access to the SYSVOL and NETLOGON shares for login scripts |
| RPC (Static Port for NTDS) | 1025 | TCP | Static mapping for the RPC port rather than allowing all random ports above 1024 for NTDS (`TCP/IP Port` registry key) |
| RPC (Static Port for NETLOGON) | 1026 | TCP | Static mapping for the RPC port rather than allowing all random ports above 1024 (`DCTcpipPort` registry key) |
| Global Catalog | 3268 | TCP | Distributed data repository that contains a searchable, partial representation of every object flagged in AD |
| LDAP over SSL | 636 | TCP | Secure communication from client machines to Microsoft's version of LDAP |
| Password Change (UNIX) | 464 | Both | Allows password changes using the kpasswd module in UNIX |
| Kerberos Admin | 749 | Both | Used for password changes |
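As an added example (not part of the original page), the following Python script turns the table above into a connectivity check: it attempts a TCP handshake to each TCP entry on a domain controller you name, so you can confirm a client subnet's firewall rules allow exactly the required services. The UDP-only entry (NTP) is listed but skipped, since a plain connect cannot confirm a UDP port; the host name is an argument you supply.

```python
"""Probe the Active Directory service ports listed on this page against a DC.
Added example; the port list below mirrors the table above."""
import socket
import sys
from typing import Dict, List, Tuple

# (service, port, protocol) as listed in the table above.
AD_PORTS: List[Tuple[str, int, str]] = [
    ("DNS", 53, "tcp"),
    ("Kerberos Authentication", 88, "tcp"),
    ("NTP", 123, "udp"),            # UDP only; skipped by the TCP probe
    ("RPC Endpoint Mapper", 135, "tcp"),
    ("NetBIOS Session", 139, "tcp"),
    ("LDAP", 389, "tcp"),
    ("SMB over TCP/IP", 445, "tcp"),
    ("Password Change (kpasswd)", 464, "tcp"),
    ("LDAP over SSL", 636, "tcp"),
    ("Kerberos Admin", 749, "tcp"),
    ("RPC (Static Port for NTDS)", 1025, "tcp"),
    ("RPC (Static Port for NETLOGON)", 1026, "tcp"),
    ("Global Catalog", 3268, "tcp"),
]

def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable or filtered by a firewall
        return False

def check_dc_ports(host: str, ports=AD_PORTS, timeout: float = 2.0) -> Dict[str, bool]:
    """Probe every TCP entry in ports; returns {service name: reachable}."""
    return {name: tcp_port_open(host, port, timeout)
            for name, port, proto in ports if proto == "tcp"}

def _self_test() -> Tuple[bool, bool]:
    """Offline demonstration: one listening and one closed port on localhost."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()                 # grab a free port number, then release it
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    sample = [("open", open_port, "tcp"), ("closed", closed_port, "tcp")]
    results = check_dc_ports("127.0.0.1", sample, timeout=1.0)
    listener.close()
    return results["open"], results["closed"]

if __name__ == "__main__":
    dc = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"   # DC host name or IP
    for service, reachable in check_dc_ports(dc).items():
        print(f"{service:32} {'open' if reachable else 'blocked/closed'}")
```

A service reported as blocked/closed from a client subnet that needs it points to a missing firewall rule; an unexpected open port on a DC facing an untrusted segment is worth investigating.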