want to know only DC to Clients firewall ports

Yasar mistry 251 Reputation points
2021-05-06T13:51:05.007+00:00

Dear Support,

I need to know only DC to Clients ports requirements.

Could you please help and share the DC to Client ports?

Windows Server

5 answers

  1. Stian K 6 Reputation points
    2021-08-06T09:43:20.223+00:00

    I notice the question in the first post is about ports from domain controller to client; if that changed in a later post, the original question is still unanswered.

    Unfortunately I have not found any source that documents any requirements, but I do have some experience.

    In my experience there is no need to have any ports open from the domain controller to the domain client. This is the setup we are running in production and it has not caused any issue for us. Please note that you may use systems or features that we do not use that require some ports to be open; this is why it is sad that no official source addresses this.

    When looking in the firewall logs we do observe that the domain controller does try to connect to all clients on port 135 (RPC) and 137 (NetBIOS). NetBIOS we can easily ignore; the RPC port we have no idea why it tries to connect on, but as long as we don't know we keep it closed.

    1 person found this answer helpful.
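The kind of firewall-log review described in the answer above, as an added example that is not part of the original thread: it tallies inbound connection attempts that originate from a domain controller, by protocol, destination port and action. It assumes the Windows Defender Firewall log layout (pfirewall.log); the sample lines and all addresses, including 10.0.0.10 as the DC, are constructed.

```python
from collections import Counter

# Constructed sample in the Windows Defender Firewall log layout, merged from
# several clients. 10.0.0.10 is a hypothetical domain controller (assumption).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2021-08-06 09:40:01 DROP TCP 10.0.0.10 10.0.0.51 49722 135 52 S 1234567890 0 64240 - - - RECEIVE
2021-08-06 09:40:02 DROP UDP 10.0.0.10 10.0.0.51 137 137 78 - - - - - - - RECEIVE
2021-08-06 09:40:05 ALLOW TCP 10.0.0.51 10.0.0.10 50112 389 0 - 0 0 0 - - - SEND
2021-08-06 09:41:10 DROP TCP 10.0.0.10 10.0.0.52 49730 135 52 S 987654321 0 64240 - - - RECEIVE
2021-08-06 09:41:30 DROP TCP 10.0.0.77 10.0.0.51 51000 445 52 S 55555 0 64240 - - - RECEIVE
2021-08-06 09:42:00 DROP ICMP 10.0.0.10 10.0.0.51 - - 60 - - - - 8 0 - RECEIVE
"""


def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def dc_initiated_inbound(records, dc_addresses):
    """Count inbound attempts sourced from a DC, per (protocol, dst-port, action)."""
    counts = Counter()
    for rec in records:
        if rec["path"] != "RECEIVE" or rec["src-ip"] not in dc_addresses:
            continue  # outbound traffic, or a source that is not a DC
        if not rec["dst-port"].isdigit():
            continue  # ICMP and similar records carry "-" instead of a port
        counts[(rec["protocol"], int(rec["dst-port"]), rec["action"])] += 1
    return counts


if __name__ == "__main__":
    summary = dc_initiated_inbound(parse_firewall_log(SAMPLE_LOG), {"10.0.0.10"})
    for (proto, port, action), n in sorted(summary.items()):
        print(f"{proto:4} {port:5} {action:5} {n}")
```

A DROP count on a port shows traffic the DC attempts that the current rules already block, which is the evidence to review before deciding whether any DC-to-client rule is needed.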

  2. Leon Laude 85,861 Reputation points
    2021-05-06T14:07:29.447+00:00

    Hi @Yasar mistry ,

    You'll find the list of all ports over here:

    Service overview and network port requirements for Windows
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements

    How to configure a firewall for Active Directory domains and trusts
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Best regards,
    Leon


  3. Yasar mistry 251 Reputation points
    2021-05-06T15:03:49.503+00:00

    Hi,
    Thanks for sharing. I have seen this article but I am a bit confused about which ports are really required for clients to Domain controller...
    Could you please specify the ports required only from CLIENT TO DC?


  4. Yasar mistry 251 Reputation points
    2021-05-06T16:08:57.977+00:00

    Hi,
    I appreciate your prompt response.
    In the article, all ports shown are domain to domain or domain to clients, but I don't see the specific ports required from clients to DC.


  5. Fan Fan 15,361 Reputation points Microsoft Vendor
    2021-05-06T23:52:39.15+00:00

    Hi,

    Below are the commonly required ports to communicate with DCs.

    UDP Port 88 for Kerberos authentication

    UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.

    TCP Port 139 and UDP 138 for File Replication Service between domain controllers.

    UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.

    TCP and UDP Port 445 for Replication, User and Computer Authentication, Group Policy.

    TCP and UDP Port 464 for Kerberos Password Change

    TCP Port 3268 and 3269 for Global Catalog from client to domain controller.

    TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.

    The ephemeral ports are required:
    • TCP & UDP 1025-5000
    • TCP & UDP 49152-65535

    Best Regards,

