Port requirements
Active Directory and Active Directory Domain Services require a set of open ports in order to communicate reliably.
These requirements apply to DC-to-DC communication (writable, not read-only, domain controllers) up to and including Windows Server 2019.
Protocol and Port | AD and AD DS Usage | Type of traffic |
---|---|---|
TCP and UDP 389 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP |
TCP 636 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP SSL |
TCP 3268 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC |
TCP 3269 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC SSL |
TCP and UDP 88 | User and Computer Authentication, Forest Level Trusts | Kerberos |
TCP and UDP 53 | User and Computer Authentication, Name Resolution, Trusts | DNS |
TCP and UDP 445 | Replication, User and Computer Authentication, Group Policy, Trusts | SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc |
TCP 25 | Replication | SMTP |
TCP 135 | Replication | RPC, EPM |
TCP Dynamic | Replication, User and Computer Authentication, Group Policy, Trusts | RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS |
TCP 5722 | File Replication | RPC, DFSR (SYSVOL) |
UDP 123 | Windows Time, Trusts | Windows Time |
TCP and UDP 464 | Replication, User and Computer Authentication, Trusts | Kerberos change/set password |
UDP Dynamic | Group Policy | DCOM, RPC, EPM |
UDP 138 | DFS, Group Policy | DFSN, NetLogon, NetBIOS Datagram Service |
TCP 9389 | AD DS Web Services | SOAP |
UDP 67 and UDP 2535 | DHCP | DHCP, MADCAP |
UDP 137 | User and Computer Authentication | NetLogon, NetBIOS Name Resolution |
TCP 139 | User and Computer Authentication, Replication | DFSN, NetBIOS Session Service, NetLogon |
TCP dynamic = 49152 to 65535 as of Windows Server 2008
A list of additional ports relating to read-only domain controllers can be found at this link.
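
To verify that a firewall between two domain controllers actually permits the fixed TCP ports from the table above, a check like the following can be run on one DC against its replication partner. This is an added example, not part of the original page; the host name `dc02.example.test` and the helper `Test-TcpPort` are hypothetical, and UDP ports and the dynamic RPC range are not probed.

```powershell
# Added example: probes the fixed TCP ports from the table against a partner DC.
param(
    [string]$PartnerDc = 'dc02.example.test',   # hypothetical partner DC, replace with your own
    [int]$TimeoutMs = 2000
)

# Fixed TCP ports and traffic types as listed in the table above.
$tcpPorts = @(
    @{ Port = 25;   Service = 'SMTP (only if SMTP replication is used)' }
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC, EPM' }
    @{ Port = 139;  Service = 'NetBIOS Session Service' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 464;  Service = 'Kerberos change/set password' }
    @{ Port = 636;  Service = 'LDAP SSL' }
    @{ Port = 3268; Service = 'LDAP GC' }
    @{ Port = 3269; Service = 'LDAP GC SSL' }
    @{ Port = 5722; Service = 'RPC, DFSR (SYSVOL)' }
    @{ Port = 9389; Service = 'AD DS Web Services' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        # Wait() returns $false on timeout; a refused connection throws and is caught below.
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($p in $tcpPorts) {
    [pscustomobject]@{
        Port    = $p.Port
        Service = $p.Service
        Open    = Test-TcpPort -ComputerName $PartnerDc -Port $p.Port -TimeoutMs $TimeoutMs
    }
}
$results | Format-Table -AutoSize
```

A result of `False` means either that the path is filtered or that nothing is listening on that port on the partner, so compare it with the roles and services actually configured there before changing firewall rules.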