Active Directory natively uses quite a range of services and outgoing ports. Since you want to limit use on port 636, you should read up on how to set up LDAPS (LDAP over SSL) on Windows.