Here is a list of the ports which Active Roles and Quick Connect need in order to function properly.
Active Roles Ports
A dynamically allocated TCP port for RPC communication with the Global Catalog Server. See http://support.microsoft.com/kb/224196 for instructions on how to configure Active Directory to use a predefined port number for RPC communication .
A dynamically allocated TCP port for RPC communication with the Exchange Server (MSExchangeIS). See http://support.microsoft.com/kb/270836 for instructions on how to configure Exchange to use predefined port numbers for RPC communication.
Computer resource management:
Home folder provisioning/deprovisioning:
Mailbox Replication Service:
SMTP servers (e-mail notification feature):
Managed AD LDS instances:
Active Roles Administration Service:
Sychronization Service Additional Ports:
Synchronization Service: (For Active Roles 7.X)
Note: Port 15173 is also needed for Password Synchronization. This port is used by the Capture Agent to talk to the Sync Service.
Synchronization Service Capture Agent:
Note: Port 7148 is used by the Sync Service to communicate with the Capture Agent.
Active Roles Collector Ports:
Communicating with Azure:
In addition to the above requirements, if an integration with an Azure Tenant is desired, the Active Roles Administration Service host must be able to resolve and access the following URLs:
In some cases you will need to open UDP Port 1434 for SQL server.
Common Use: Microsoft SQL Monitor use in monitoring Microsoft SQL Databases.
If you want to put a firewall between ARS clients (MMC Snap-in, Web Interface, PowerShell commands or VB script) and the Active Roles Service you need to open the following ports:
Port Type Direction Notes
135 TCP In/out Remote Procedure Call (RPC) endpoint mapper
Auto TCP In/out Administration Service client requests
ActiveRoles Administration Service from versions prior to Active Roles 7.0 uses Distributed COM (DCOM) over two separate TCP ports to accept client connections and requests. Port 135 is used by Administration Service clients to locate the Administration Service. The second TCP connection has its port number automatically assigned by the RPC endpoint mapper. By default, any available port in the 1024-65535 range will be used. All requests from Administration Service clients, such as the MMC Console or ADSI Provider, are sent over this port. Note that the port range can be restricted or set to a static port through the Component Services snap-in (part of the Windows administration tools). Port 1433 is used for SQL replication in ActiveRoles.Active Roles 7.X clients require bi-directional connectivity on ports TCP 135 and 15172.