Hi,
The following is the list of services and their ports used for Active Directory communication:
- UDP Port 88 for Kerberos authentication
- UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.
- TCP Port 139 and UDP 138 for File Replication Service between domain controllers.
- UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
- TCP and UDP Port 445 for File Replication Service
- TCP and UDP Port 464 for Kerberos Password Change
- TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
- TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.
- udp 123 for time service
- udp for netlogon and netbios
- TCP 139 for
Opening above ports in Firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly. "
Please check the below link for more details.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/4ea85317-56c3-446d-9736-bfd046fc589c/port-needed-between-a-member-server-and-domain-controller-that-are-separated-by-a-firewall?forum=winserversecurity
https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/ActiveDirectory/WhatAllPortsAreRrequiredByDomainControllersAndClientComputers.html
Thanks,
Arindam