Need to know which ports to open in firewall for changing ad users passwords .

shihas shamsudheen 26 Reputation points
2021-04-01T06:49:05.847+00:00

Dear Team,

In our organization users can change their ad passwords by clicking alt+cntl+delete when they are in LAN. when users are connected to the vpn , they cant change the ad passwords. Because the port is not opened in firewall.

Please advise as which port should be open in firewall for ad password changing purpose

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,368 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,110 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,839 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SUNOJ KUMAR YELURU 13,921 Reputation points MVP
    2021-04-01T09:09:15.523+00:00

    Hi @shihasshamsudheen-6893
    Thank You for posting in Q & A.

    UDP 389, UDP/TCP 88, and UDP/TCP 464 (password change requests) ports are open for the domain controllers in the user domain.
    refer - https://learn.microsoft.com/en-us/archive/blogs/activedirectoryua/conditions-for-kerberos-to-be-used-over-an-external-trust

    If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.

    0 comments
  2. Dave Patrick 426.1K Reputation points MVP
    2021-04-01T12:20:24.54+00:00

    You can check the required ports are flowing
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
    https://www.microsoft.com/en-us/download/details.aspx?id=24009

    --please don't forget to Accept as answer if the reply is helpful--

    0 comments