Active Directory Port Requirements

A few days ago we posted a document to TechNet that outlines some of the various port requirements for Active Directory. We gathered the port information from various KB articles and consolidated it into one document. I think it should serve as a great reference guide for those of you configuring Active Directory communication through internal and external firewalls. It details ports used by trusts, replication, global catalog, DNS, DHCP, etc. It also outlines the new default dynamic port range, 49152-65535, for Windows Server 2008 and Windows Vista, with pointers to why the range was increased from previous versions of our operating systems.

Active Directory and Active Directory Domain Services Port Requirements

As always, if you have any suggestions for improvement please leave us feedback. 

This posting is provided "AS IS" with no warranties, and confers no rights.

Comments (6)

  1. Hi Chris,

    This looks like a better reference for port requirements for specific operations related to trusts: …/cc773178(v=WS.10).aspx

    I think some of the other trust-related ports listed at …/dd772723(WS.10).aspx
    pertain to communication over internal trusts within a forest (except for where it explicitly cites forest trust). I can try to clarify that.


    Justin [MSFT]

  2. Anonymous says:

    Thanks, this is what I needed 🙂

  3. Sajeed says:

    Thanks for the info

  4. James Carter says:

    This article is a great one. It describes all clearly. I really liked it. It’s very helpful. I was looking for such articles. I have read an article here "…/all-ports-used-active-directory" which is almost like this.

  5. Chris Brown says:

    We are trying to identify what ports are required for trust between 2 separate forests. I would think that the ports required would be much less than communication between DCs in the same forest. Can you please confirm if where you list Trusts applies to Forest to Forest communication?


  6. Seymour Brown says:

    This information is incomplete because it does not describe the client device involved. The ports needed depend on whether it’s a PC, a server (and type of server – Exchange may have different requirements), another DC, and type of DC.

    I suggest you find an SME who understands TCP and UDP at a packet level, as well as AD and its implementation, and start a new document.
