Active Directory relies on a wide set of ports to support authentication, directory lookups, group policy processing, replication, and Windows domain communication. This dataset outlines the essential ports used by Kerberos, LDAP/LDAPS, DNS, SMB, RPC, and Global Catalog operations—forming the backbone of any Windows enterprise environment.

This reference is invaluable for engineers designing hybrid identity solutions, troubleshooting authentication issues, securing domain controllers, or building firewall rules for segmented networks. Understanding these ports is critical for secure and reliable AD operations across cloud, LAN, VPN, and remote access architectures.

| Port | Protocol | Service | Description |
|---|---|---|---|
| 53 | TCP/UDP | DNS | Domain Name System for AD name resolution |
| 88 | TCP/UDP | Kerberos | Authentication for AD |
| 135 | TCP | RPC Endpoint Mapper | Used by many AD operations |
| 137 | UDP | NetBIOS-NS | Legacy name service |
| 138 | UDP | NetBIOS-DGM | NetBIOS datagram service |
| 139 | TCP | NetBIOS-SSN | Legacy SMB over NetBIOS |
| 389 | TCP/UDP | LDAP | Directory services queries |
| 445 | TCP | SMB | File sharing, Group Policy, SYSVOL |
| 464 | TCP/UDP | Kerberos Change/Set Password | Password operations |
| 636 | TCP | LDAPS | LDAP over SSL |
| 3268 | TCP | Global Catalog | Forest-wide searches |
| 3269 | TCP | Global Catalog SSL | Secure forest-wide searches |
| 9389 | TCP | AD DS Web Services | Used for PowerShell & remote management |
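
For the firewall-rule use case mentioned above, the following added example (not part of the original reference) audits a segment's allow rules against the table: it lists table ports that are not reachable, NetBIOS ports that are open, and rules that open ports beyond the table. The `proto ports` rule format and the sample rules are constructed for illustration, and treating the NetBIOS rows as optional is this example's assumption.

```python
# Port -> protocols, copied from the table above.
AD_PORTS = {
    53: "tcp/udp", 88: "tcp/udp", 135: "tcp", 137: "udp", 138: "udp",
    139: "tcp", 389: "tcp/udp", 445: "tcp", 464: "tcp/udp", 636: "tcp",
    3268: "tcp", 3269: "tcp", 9389: "tcp",
}
NETBIOS = {137, 138, 139}  # assumption: reported for review, not required
TABLE = {(proto, port) for port, protos in AD_PORTS.items() for proto in protos.split("/")}

# Constructed sample rules (hypothetical format), client segment -> domain controllers.
SAMPLE_RULES = """
tcp 53,88,389,445,636
tcp 135-139        # range wider than the table needs
udp 53,88,389
udp 137-138
tcp 3268-3269
"""

def parse_rules(text):
    """Return allow rules as (proto, low, high) tuples; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        proto, ports = line.split()
        for part in ports.split(","):
            low, _, high = part.partition("-")
            rules.append((proto.lower(), int(low), int(high or low)))
    return rules

def audit(text):
    rules = parse_rules(text)
    def allowed(proto, port):
        return any(p == proto and lo <= port <= hi for p, lo, hi in rules)
    report = {"missing": [], "netbios_open": [], "outside_table": []}
    for proto, port in sorted(TABLE, key=lambda t: (t[1], t[0])):
        ok = allowed(proto, port)
        if port in NETBIOS and ok:
            report["netbios_open"].append(f"{port}/{proto}")
        elif port not in NETBIOS and not ok:
            report["missing"].append(f"{port}/{proto}")
    for proto, lo, hi in rules:  # least privilege: ports opened beyond the table
        extra = sum((proto, p) not in TABLE for p in range(lo, hi + 1))
        if extra:
            report["outside_table"].append((proto, lo, hi, extra))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

Entries under `outside_table` are findings to review rather than errors, since a site may need ports that this table does not list.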