Windows AD ports

[ZWarrior]

What ports are potentially used by a domain controller in the Active Directory environment?

http://support.microsoft.com/default.aspx?scid=kb;en-us;289241&Product=win2000

A List of the Windows Server Domain Controller Default Ports

This article was previously published under Q289241

SUMMARY
This article describes the most common ports, protocols, and services that are opened on a Windows 2000-based or a Windows Server 2003-based server that is running Active Directory. The purpose of this article is to list the different services and their respective ports, not to explain how to configure the ports for either a firewall or a proxy.

MORE INFORMATION
21/TCP (Transmission Control Protocol) -- FTP
This File Transfer Protocol (FTP) server is part of Internet Information Services (IIS) and is administered from the IIS administration tool. FTP is a common method to transfer files between two networked computers and to enable the convenient use of remote file storage capabilities.

25/TCP -- SMTP
This Simple Mail Transfer Protocol (SMTP) service is administered from the IIS administration tool. SMTP is the protocol that is used to send e-mail messages by means of the Internet.

53/UDP -- DNS
Domain Name System (DNS) enables you to use hierarchical, friendly names to easily locate computers and other resources on an IP network. The resolution of names through the use of Domain Name System (DNS) is central to Windows Server operation. Without correct name resolution, users cannot locate resources on the network.

80/TCP -- HTTP
Hypertext Transfer Protocol (HTTP) is the set of rules for exchanging files (for example, text, graphic images, sound, video, and other multimedia files) on the World Wide Web (WWW). In comparison to the TCP/IP suite of protocols (that are the basis for information exchange on the Internet), HTTP is a program protocol.

88/UDP (User Datagram Protocol) -- Kerberos
Kerberos protocol is a network authentication method that is based on the key distribution model. This protocol enables entities that are communicating over networks to prove their identity to each other and at the same time this protocol can prevent eavesdropping or replay attacks. The Kerberos Key Distribution Center (KDC) listens on this port for ticket requests. Port 88 for the Kerberos protocol can also be TCP/UDP.

119/TCP -- NNTP
Network News Transfer Protocol (NNTP) is the predominant protocol that is used by computers for managing the notes that are posted on Usenet newsgroups. NNTP servers manage the global network of collected Usenet newsgroups.

135/TCP -- RPC
Remote procedure call (RPC) is a facility that enables a program on one Windows-based computer (the client computer) to invoke the services of another program that is running on a separate Windows-based computer (the server) in a distributed network. RPC is a program-level protocol that can use the communications services of any of the Windows networking protocols, which includes TCP/IP.

137/UDP -- NetBIOS Name Server
The network basic input/output system (NetBIOS) Name Server (NBNS) protocol, which is part of the NetBIOS over TCP/IP (NetBT) family of protocols, provides a means for hostname and address mapping on a NetBIOS-aware network.

138/UDP -- NetBIOS Datagram
The NetBIOS Datagram is part of the NetBIOS over TCP/IP (NetBT) family of protocols and is used for network logon and browsing.

139/TCP -- NetBIOS Session Services
NetBIOS Session Services are part of the NetBIOS over TCP/IP (NetBT) family of protocols and is used for server message block (SMB), file sharing, and printing.

389/UDP -- LDAP
LDAP is the Lightweight Directory Access Protocol. LDAP is designed to be a standard way of providing access to directory services. In Windows Server, LDAP is the primary way that the operating system accesses the Active Directory database.

443/TCP -- HTTPS
Secure Hypertext Transfer Protocol (HTTPS) is a variant of HTTP that is used for handling secure transactions. HTTPS is a unique protocol that is Secure Sockets Layer (SSL) under HTTP.

445/TCP -- SMB
The SMB protocol is used for file sharing in Microsoft Windows NT and Windows Server. Windows Server enables you to run SMB directly over TCP/IP, without the extra layer of NetBT.

464/TCP -- Kerberos Password V5
The Kerberos change password protocol is used to deny an administrator from setting a password for a new user. This functionality is useful in some environments, and this proposal can be used to enable password setting. This protocol is used when users changes their passwords.

500/UDP-- ISAKMP
Internet Security Association and Key Management Protocol (ISAKMP) or IKE (for Windows Server) is the key exchange mechanism for a virtual private network (VPN). ISAKMP manages the exchange of cryptographic keys and uses a two-phase process for establishing the Internet Protocol security (IPSec) connection between two gateways.

563/TCP -- SNEWS
SNEWS is secure NNTP.

593/TCP -- RPC over HTTP
RPC over HTTP is used for COM+ Internet Services and requires IIS to operate.

636/TCP -- LDAP over SSL
When SSL is enabled, LDAP data that is transmitted and received is encrypted.

1067/TCP -- Installation Bootstrap Service
The installation bootstrap protocol server.

1068/TCP -- Installation Bootstrap Service
The installation bootstrap protocol client.

1645/UDP -- IAS: Internet Authentication Service
This service is used for processing Remote Authentication Dial-In User Service (RADIUS) authentication messages and is supported by IAS to provide backward compatibility with earlier RADIUS servers.

1646/UDP -- IAS: Internet Authentication Service
This service is used for processing RADIUS accounting messages and is supported by IAS to provide backward compatibility with earlier RADIUS servers.

1701/UDP -- L2TP
Layer 2 Tunneling Protocol (L2TP) is a method for encapsulating standard Point-to-Point Protocol (PPP) by means of a variety of media. The protocol also enables encapsulation of PPP by using UDP packets.

1723/TCP -- PPTP
PPTP is an abbreviation for Point-to-Point Tunneling Protocol. It is an Internet protocol that is frequently used in VPN products. Windows NT supports PPTP server, and both Windows NT and Microsoft Windows 95 support PPTP client.

1812/UDP -- IAS Internet Authentication Service
This service is used for processing RADIUS authentication messages.

1813/UDP -- IAS Internet Authentication Service
This service is used for processing RADIUS authentication messages.

3268/TCP -- Microsoft Global Catalog
Active Directory global catalogs listen on this port.

3269/TCP -- Microsoft Global Catalog with LDAP/SSL
Microsoft global catalog SSL connections listen on this port.

3389/TCP -- RDP
Remote Desktop Protocol (RDP) is the protocol that enables a thin client to communicate with the Terminal server over the network. This protocol is based on the International Telecommunication Union (ITU) T.120 protocol, an international, standard multiple-channel conferencing protocol that is currently being used in the Microsoft NetMeeting conferencing software product.

The information in this article applies to:
Microsoft Windows Server 2003, Enterprise Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Last Reviewed: 10/8/2003 (4.0)