Virtualisation Technology Architecture and Industry Comments from the Front-Lines

I found it hard to find a definitive list on the internet of the ports that need opening for Active Directory to replicate between firewalls. Here are my findings, and all is working, so I hope this helps someone else.

 

 

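| Category | Service | TCP | UDP | ICMP |
|---|---|---|---|---|
| RDP | Remote Desktop | 3389 | | |
| DNS | DNS Download | 53 | | |
| | DNS Queries | | 53 | |
| WINS Replication | WINS | 42 | | |
| | WINS | | 42 | |
| ICMP | echo-request | | | 8 |
| | info-request | | | 15 |
| | mask request | | | 17 |
| | timestamp | | | 13 |
| NetBIOS Services | Name Resolution Service | 137 | 137 | |
| | Datagram Services (Browsing) | | 138 | |
| | Session Service (net use) | 139 | | |
| SMB | Input | 445 | | |
| | Output | | 445 | |
| Remote Storm | | 1025 | | |
| NTP | NTP | 123 | | |
| | NTP | | 123 | |
| Content Replication | Content_Repl | 507 | | |
| Kerberos | Kerberos-Secure | | 750 | |
| | Kerberos_v5 | 88 + 464 | | |
| | Kerberos_v5 | | 88 + 464 | |
| LDAP | LDAP | 389 | | |
| | LDAP | | 389 | |
| | LDAP over SSL/TLS | 636 | 636 | |
| | Global Catalog | 3268 | | |
| | Global Catalog over SSL/TLS | 3269 | | |
| Replication | Active Directory RPCSS | Dynamic | | |
| | FRS RPCSS | Dynamic | | |
| Microsoft CIFS | Microsoft-CIFS (DS) | 445 | | |
| | Microsoft-CIFS (DS) | | 445 | |
| RPC – Cert Services (+) | RPC | 135 | | |
| SNMP | SNMP Agent | | 161 | |
| | SNMP Trap | 162 | | |
| ASP.Net State Service | | 42424 | | |
| Link State Algorithm Routing | | 691 | | |
| TCP – High Ports (Cert Services) | > 1023 | 1024 - 65535 | | |
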
posted on Wednesday, May 09, 2007 2:34 AM

Feedback

# re: Active Directory and Firewall Ports 5/25/2007 11:48 AM Aumie
This is excellent; I've been looking for something like this as well. Thanks for making it available.

# re: Active Directory and Firewall Ports 5/31/2007 12:29 PM nsg
I really do hope that this is the definitive guide as I have never found anything that is definitive, not even on the MS support site.

# re: Active Directory and Firewall Ports 7/16/2007 5:30 AM Jack Nielsen
Good work! Thank you!

# re: Active Directory and Firewall Ports 9/2/2007 6:49 PM Mike
Hi guys

Here is also some nice information about replication over firewalls: http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx

maybe it'll help.

greetz Mike

# re: Active Directory and Firewall Ports 9/28/2007 4:43 PM mike
There is a great mcse training site which I got cds for $11.00 each. The site is MCSE Training CDs

# re: Active Directory and Firewall Ports 2/25/2009 4:20 AM drew
Sweet, thanks!

I've used this, combined with Microsoft's info on how to restrict RPC services to a limited port list (5000-5100 in this case), and with the power of MS Excel (quick incrementing of port #'s) have created this that can be cut/paste into a command prompt window... I may have missed some, and you may want services open to more than just your subnet (or 3389 RDP not open to all ips) so use at your own risk ;-)

commands start here:
------------------------
netsh firewall add portopening tcp 3389 3389_tcp_AD_PORTS enable
netsh firewall add portopening tcp 139 139_tcp_AD_PORTS enable subnet
netsh firewall add portopening tcp 445 445_tcp_AD_PORTS enable subnet
netsh firewall add portopening udp 137 137_udp_AD_PORTS enable subnet
netsh firewall add portopening udp 138 138_udp_AD_PORTS enable subnet
netsh firewall add portopening tcp 53 53_tcp_AD_PORTS enable subnet
netsh firewall add portopening udp 53 53_udp_AD_PORTS enable subnet
netsh firewall add portopening tcp 42 42_tcp_AD_PORTS enable subnet
netsh firewall add portopening udp 42 42_udp_AD_PORTS enable subnet
netsh firewall add portopening tcp 137 137_tcp_AD_PORTS enable subnet
netsh firewall add portopening tcp 1025 1025_tcp_AD_PORTS enable subnet
netsh firewall add portopening tcp 123 123_tcp_AD_PORTS enable subnet
netsh firewall add portopening udp 123 123_udp_AD_PORTS enable subnet
netsh firewall add portopening tcp 507 507_tcp_AD_PORTS enable subnet
netsh firewall add portopening udp 750 750_udp_AD_PORTS enable subnet
netsh firewall add portopening tcp 88 88_tcp_AD_PORTS enable subnet
netsh firewall add portopening udp 88 88_udp_AD_PORTS enable subnet
netsh firewall add portopening tcp 464 464_tcp_AD_PORTS enable subnet
netsh firewall add portopening udp 464 464_udp_AD_PORTS enable subnet
netsh firewall add portopening udp 389 389_udp_AD_PORTS enable subnet
netsh firewall add portopening udp 636 636_udp_AD_PORTS enable subnet
netsh firewall add portopening udp 445 445_udp_AD_PORTS enable subnet
netsh firewall add portopening udp 161 161_udp_AD_PORTS enable subnet
netsh firewall add portopening tcp 162 162_tcp_AD_PORTS enable subnet
netsh firewall add portopening tcp 42424 42424_tcp_AD_PORTS enable subnet
netsh firewall add portopening tcp 5000 5000_tcp_AD_PORTS enable subnet
netsh firewall add portopening tcp 5001 5001_tcp_AD_PORTS enable subnet

.... ports omitted due to post size limitations (tcp 5002-5099) ...

netsh firewall add portopening tcp 5100 5100_tcp_AD_PORTS enable subnet
netsh firewall add portopening udp 5000 5000_udp_AD_PORTS enable subnet
netsh firewall add portopening udp 5001 5001_udp_AD_PORTS enable subnet

.... more ports omitted due to post size limitations (udp 5002-5099) ...

netsh firewall add portopening udp 5100 5100_udp_AD_PORTS enable subnet
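
A small linter for command lists of this kind, added here as an example (it is not code from the post or from any commenter): it parses `netsh firewall add portopening` lines, flags rule names that do not match the port they open, flags rules left at the default scope, and lists ports from the post's table that the script never opens; `rpc_range` emits the per-port lines for a restricted RPC range such as 5000-5100. The `REQUIRED` subset, the `<port>_<proto>_` naming check and the sample script are assumptions made for this example.

```python
import re

# Subset of the post's table (DNS, Kerberos, RPC, LDAP, GC, SMB); an assumption of this example.
REQUIRED = {("tcp", 53), ("udp", 53), ("tcp", 88), ("udp", 88), ("tcp", 135),
            ("tcp", 389), ("udp", 389), ("tcp", 445), ("tcp", 636),
            ("tcp", 3268), ("tcp", 3269)}

# netsh firewall add portopening <protocol> <port> <name> enable [scope]
LINE = re.compile(r"netsh\s+firewall\s+add\s+portopening\s+(tcp|udp)\s+(\d+)"
                  r"\s+(\S+)\s+enable(?:\s+(\S+))?$", re.IGNORECASE)

def parse(script):
    """Return (protocol, port, name, scope) per line; no scope means netsh's default, ALL."""
    rules = []
    for line in script.splitlines():
        m = LINE.match(line.strip())
        if m:
            proto, port, name, scope = m.groups()
            rules.append((proto.lower(), int(port), name, (scope or "all").lower()))
    return rules

def audit(script, required=REQUIRED):
    """List mislabelled rules, unscoped rules and required ports never opened."""
    rules, findings = parse(script), []
    for proto, port, name, scope in rules:
        if not name.lower().startswith(f"{port}_{proto}_"):
            findings.append(f"mislabelled: {proto}/{port} is named {name}")
        if scope == "all":
            findings.append(f"unscoped: {proto}/{port} accepts any source address")
    opened = {(proto, port) for proto, port, _, _ in rules}
    for proto, port in sorted(required - opened, key=lambda r: (r[1], r[0])):
        findings.append(f"missing: {proto}/{port}")
    return findings

def rpc_range(first, last):
    """Per-port lines for a restricted RPC range, e.g. rpc_range(5000, 5100)."""
    return [f"netsh firewall add portopening {p} {n} {n}_{p}_AD_PORTS enable subnet"
            for p in ("tcp", "udp") for n in range(first, last + 1)]

# Constructed sample input, written in the style of the commands above.
SAMPLE = """\
netsh firewall add portopening tcp 3389 139_tcp_AD_PORTS enable
netsh firewall add portopening tcp 88 88_tcp_AD_PORTS enable subnet
netsh firewall add portopening udp 88 88_udp_AD_PORTS enable subnet
netsh firewall add portopening tcp 445 445_tcp_AD_PORTS enable subnet
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running the audit over the full command file before pasting it into a command prompt shows which table entries still have no rule and which rules are reachable from outside the local subnet.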

# re: Active Directory and Firewall Ports 5/22/2009 5:08 AM Jordy Guillon
Very handy. Thanks!

# re: Active Directory and Firewall Ports 6/5/2009 11:08 AM Andrea
Excellent, thanks.
I'm going to try right now.

AQA

# re: Active Directory and Firewall Ports 7/9/2009 6:08 AM hamid rezaie
Thanks a lot, very useful

# re: Active Directory and Firewall Ports 7/24/2009 8:27 AM Dan
This helped me out a great deal, thanks a lot!

# re: Active Directory and Firewall Ports 10/10/2009 10:59 AM Adam
Thanks mate - worked like a charm ^.^

It's always good to see a list of errors suddenly disappear. lol.

# re: Active Directory and Firewall Ports 10/12/2009 3:41 AM Business Directory
That's great, I never thought about Active Directory like that before.


# re: Active Directory and Firewall Ports 11/23/2009 11:47 PM traslochi intercontinentali
Wow, I never knew that Active Directory . That's pretty interesting…


# re: Active Directory and Firewall Ports 11/24/2009 9:10 PM Ganesan K
Very good information on all tech peoples
