Porty używane podczas łączenia do kontrolera domeny AD
Komunikacja Active Directory odbywa się za pomocą kilku portów.
Poniżej jest lista usług i ich portów używanych do komunikacji Active Directory:
Protocol and Port | AD and AD DS Usage | Type of traffic |
---|---|---|
TCP 25 | Replikacja | SMTP |
TCP and UDP 53 | User and Computer Authentication, Name Resolution, Trusts | DNS |
TCP and UDP 88 | User and Computer Authentication, Forest Level Trusts | Kerberos |
UDP 123 | Windows Time, Trusts | Windows Time |
TCP 135 | Replikacja | RPC, EPM |
UDP 137 | User and Computer Authentication, | NetLogon, NetBIOS Name Resolution |
UDP 138 | DFS, Group Policy | DFSN, NetLogon, NetBIOS Datagram Service |
TCP 139 | ser and Computer Authentication, Replication | DFSN, NetBIOS Session Service, NetLogon |
TCP and UDP 389 |
LDAP Server - Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
LDAP |
TCP and UDP 445 | SMB - Replication, User and Computer Authentication, Group Policy, Trusts | SMB,CIFS,SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc |
TCP and UDP 464 | Replication, User and Computer Authentication, Trusts | Kerberos change/set password |
TCP 500 | IPsec ISAKMP | |
TCP 636 |
LDAP SSL - Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
LDAP SSL |
TCP 3268 |
Global Catalog - Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
LDAP GC |
TCP 3269 |
Global Catalog - Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
LDAP GC SSL |
UDP 67 and UDP 2535 |
DHCP is not a core AD DS service but it is often present in many AD DS deployments. | DHCP, MADCAP |
UDP 4500 | NAT-T | |
TCP 5722 |
Replikacja plików |
RPC, DFSR (SYSVOL) |
TCP 9389 | Active Directory Web Services (ADWS), Active Directory Management Gateway Service | SOAP |
TCP 1024 - 5000 TCP 49152 - 65535 |
RPC randomly allocated high TCP ports | |
UDP Dynamic |
Group Policy |
DCOM, RPC, EPM |
TCP Dynamic | Replication, User and Computer Authentication, Group Policy, Trusts | RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS |
Porty te są wymagane przez obu komputerach klienckich i kontrolerów domeny.
Przykład, komputer kliencki próbuje znaleźć kontroler domeny wysyła zapytanie DNS przez port 53, aby znaleźć nazwę kontrolera domeny w domenie.