This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 93%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Dear Team,
In our organization users can change their ad passwords by clicking alt+cntl+delete when they are in LAN. when users are connected to the vpn , they cant change the ad passwords. Because the port is not opened in firewall.
Please advise as which port should be open in firewall for ad password changing purpose
To follow-up, Please let us know if you have further query on this.
Please don’t forget to Accept the answer
Hi @shihasshamsudheen-6893
Thank You for posting in Q & A.
UDP 389, UDP/TCP 88, and UDP/TCP 464 (password change requests) ports are open for the domain controllers in the user domain.
refer - https://learn.microsoft.com/en-us/archive/blogs/activedirectoryua/conditions-for-kerberos-to-be-used-over-an-external-trust
If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
You can check the required ports are flowing
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
https://www.microsoft.com/en-us/download/details.aspx?id=24009
--please don't forget to Accept as answer if the reply is helpful--