Here is a list of the required ports that need to be opened on the Active Roles, Sync Services, and Quick Connect hosts as noted below.
Active Roles Ports
A dynamically allocated TCP port for RPC communication with the Global Catalog Server. See http://support.microsoft.com/kb/224196 for instructions on how to configure Active Directory to use a predefined port number for RPC communication.
A dynamically allocated TCP port for RPC communication with the Exchange Server (MSExchangeIS). See http://support.microsoft.com/kb/270836 for instructions on how to configure Exchange to use predefined port numbers for RPC communication.
Computer resource management:
Home folder provisioning/deprovisioning:
Mailbox Replication Service:
SMTP servers (e-mail notification feature):
Managed AD LDS instances:
Quick Connect Password Capture Agent:
Synchronization Service Additional Ports:
Note: Port 15173 is also needed for Password Synchronization. This port is used by the Capture Agent to talk to the Sync Service.
Synchronization Service Capture Agent:
Note: Port 7148 is used by the Sync Service to communicate with the Capture Agent.
Active Roles Collector Ports:
Communicating with Azure:
In addition to the above requirements, if an integration with an Azure Tenant is desired, the Active Roles Administration Service host must be able to resolve and access the following URLs:
In some instances, it will be necessary to open UDP Port 1434 for SQL server. Common Use: Microsoft SQL Monitor use in monitoring Microsoft SQL Databases.
The ActiveRoles Administration Service from versions prior to Active Roles 7.0 uses Distributed COM (DCOM) to process client connections and requests. Port 135 is used by these Administration Service clients to locate the Administration Service, and then a second connection in an range of ports is negotiated. By default, any available port in the 1024-65535 range will be used. All requests from Administration Service clients, such as the Active Roles Console or ADSI Provider, will need to use these port. Note that the port range can be restricted. For more information on this option, please see this Microsoft resource.
Starting with Active Roles 7.0, only bi-directional connectivity on port 15172 is required between the Active Roles Administration Service and any Active Roles Client.