What ports do I need to open for (insert product here) to work?

Are you setting up a router or a firewall, perhaps setting up a domain trust, connecting some Forests, or remotely managing your environment, and you need to know what ports must be opened for (Active Directory, MOM, SMTP, whatever…) to work?

We have a KB article for that:

KB 832017
Service overview and network port requirements for the Windows Server system

For example, the following port are needed for Active Directory:

Active Directory (Local Security Authority)

Active Directory runs under the LSASS process and includes the authentication and replication engines for Windows 2000 and Windows Server 2003 domain controllers. Domain controllers, client computers and application servers require network connectivity to Active Directory over specific hard-coded ports in addition to a range of ephemeral TCP ports between 1024 and 65536 unless a tunneling protocol is used to encapsulate such traffic, An encapsulated solution might consist of a VPN gateway located behind a filtering router using Layer 2 Tunneling Protocol (L2TP) together with IPsec. In this encapsulated scenario, you must allow IPsec Encapsulating Security Protocol (ESP) (IP protocol 50), IPsec Network Address Translator Traversal NAT-T (UDP port 4500), and IPsec Internet Security Association and Key Management Protocol (ISAKMP) (UDP port 500) through the router as opposed to opening all the ports and protocols listed below. Finally, the port used for Active Directory replication may be hard-coded as described in the following article in the Microsoft Knowledge Base:

224196 (https://support.microsoft.com/kb/224196/) Restricting Active Directory replication traffic and client RPC traffic to a specific port

Note Packet filters for L2TP traffic are not required, because L2TP is protected by IPsec ESP.

System service name: LSASS

Application protocol

Protocol

Ports

Global Catalog Server

TCP

3269

Global Catalog Server

TCP

3268

LDAP Server

TCP

389

LDAP Server

UDP

389

LDAP SSL

TCP

636

LDAP SSL

UDP

636

IPsec ISAKMP

UDP

500

NAT-T

UDP

4500

RPC

TCP

135

RPC randomly allocated high TCP ports

TCP

1024 - 65536

 

The article is updated regularly, and is very handy to have bookmarked!