Active Directory Port Mapping and Uses

Quick run down of AD ports, their uses, and the differences in versions of Windows Active Directory

PortAD and AD DS UsageType of trafficServer 2003Server 2008Server 2012RODC
TCP and UDP 389Directory, Replication, User and Computer Authentication, Group Policy, TrustsLDAPxxxX
TCP 636Directory, Replication, User and Computer Authentication, Group Policy, TrustsLDAP SSLxxx
TCP 3268Directory, Replication, User and Computer Authentication, Group Policy, TrustsLDAP GCxxx
TCP 3269Directory, Replication, User and Computer Authentication, Group Policy, TrustsLDAP GC SSLxxx
TCP and UDP 88User and Computer Authentication, Forest Level TrustsKerberosxxx
TCP and UDP 53User and Computer Authentication, Name Resolution, TrustsDNSxxxUDP
TCP and UDP 445Replication, User and Computer Authentication, Group Policy, TrustsSMB,CIFS,SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvcxxx
TCP 25ReplicationSMTPxxx
TCP 135ReplicationRPC, EPMxxxX
TCP DynamicReplication, User and Computer Authentication, Group Policy, TrustsRPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRSxxx
TCP 5722File ReplicationRPC, DFSR (SYSVOL)xxNot UsedX
UDP 123Windows Time, TrustsWindows Timexxx
TCP and UDP 464Replication, User and Computer Authentication, TrustsKerberos change/set passwordxxx
UDP DynamicGroup PolicyDCOM, RPC, EPMxxx
UDP 138DFS, Group PolicyDFSN, NetLogon, NetBIOS Datagram Servicexxx
TCP 9389AD DS Web ServicesSOAPxxx
UDP 137User and Computer Authentication,NetLogon, NetBIOS Name Resolutionxxx
TCP 139User and Computer Authentication, ReplicationDFSN, NetBIOS Session Service, NetLogonxxx
TCP Dynamic 1025 - 5000 DNS, DRSUAPI, NetLogonR, SamRXNot UsedNot UsedNot Used
TCP Dynamic 49152-65535 DNS, DRSUAPI, NetLogonR, SamRNot UsedXXX



Dynamic Port RangeUse
1025 - 50002003
49152-655352008 >
1025 - 5000 and 49152-65535Mixed 2003 / 2008