Communication Ports for Active Roles (4227036)

This article outlines the ports used by Active Roles and Synchronization Service.

Active Roles Administration Service:

• 15172 (HTTPS) TCP Inbound
• All high ports (1024-65535) on port 15172
  • Client machines randomly select high ports to use for outgoing traffic on port 15172 to access the Active Roles Administration Service.

Starling Connect Notifications Pane:

The appropriate port must be open from the client browser inbound to the Active Roles Administration Service hosts.

• 7465 (HTTP) TCP Inbound
• 7466 (HTTPS) TCP Inbound

Synchronization Service:

• 15173 (HTTPS) TCP Inbound

Synchronization Service Capture Agent (Installed on Domain Controllers):  

• 7148 (HTTPS) TCP Inbound

Communicating with Azure:

Active Roles Administration Service host must be able to resolve and access the following URLs:

• https://login.microsoftonline.com/
• https://graph.microsoft.com/
• https://graph.windows.net/

DNS:

• 53 TCP/UDP

Web Interface:

• 80 (HTTP) TCP
• 443 (HTTPS) TCP

SQL Server:

• 1433 (default SQL instance) TCP
• 1434 (SQL Server Browser service) UDP

Domain Controllers:

• 88 (Kerberos) TCP/UDP
• 135 (RPC endpoint mapper) TCP
• 139 (SMB/CIFS) TCP
• 445 (SMB/CIFS) TCP
• 389 (LDAP) TCP/UDP
• 3268 (Global Catalog LDAP) TCP
• 636 (LDAP SSL) TCP

Ports required if Active Roles is configured to access the domain by using SSL:

• 3269 (Global Catalog LDAP SSL) TCP
• The TCP port allocated by RPC endpoint mapper for communication with the domain controller
  • You can configure Active Directory domain controllers to use specific port numbers for RPC communication. For instructions, see this Microsoft Article.

Managed AD LDS instances:

• The TCP port used for LDAP communication with the AD LDS server is configurable in the Add Managed AD LDS Instance Wizard.

Exchange Servers:

• 135 (RPC endpoint mapper) TCP
• The TCP port allocated by RPC endpoint mapper for communication with the Exchange server.
  • You can configure Exchange servers to use specific port numbers for RPC communication. For more information, contact Microsoft Support

​The following ports must be open for operations related to the WinRM service to work:

• 5985 (HTTP) TCP
• 5986 (HTTPS) TCP

Access to SMTP sever for e-mail integration:

• 25 TCP Outbound
  • Active Roles uses SMTP port 25 by default. The default port number can be changed in the properties of the Mail Configuration object in the Active Roles console. If Mail Configuration specifies a different port, open that port rather than port 25.

Computer Resource Management & Home Folder Provisioning/Deprovisioning:

• 139 (SMB/CIFS) TCP
• 445 (SMB/CIFS) TCP

Computer restart:

• 139 (SMB/CIFS) TCP
• 137 (WINS) UDP
• 138 (NetBIOS) UDP