Is port 389 on AD in any way used or required when a new client queries . . .
Thanks for that information. I am aware that port 389 is required for those operations you listed in AD. My question is if there is any importance of port 389 on the AD server "when a client is querying and joining domain via secure LDAP".
LDAP is used over port 389 although LDAPS is configured in AD
If the MMC (for example Active Directory Users and Computers) is used, the connection is still made via port 389. From a third-party application which uses the PowerShell cmdlet Get-GPOReport (more details here) the Active Directory port is configured with 636, but in Wireshark you only see connections over port 389. The cmdlet Get
Ports That Are Used by RDS - Windows Server | Microsoft Learn
TCP and UDP 389: Used by the Lightweight Directory Access Protocol (LDAP) for user authentication. It's required when using LDAP for Certificate Revocation Lists (CRLs).
TCP and UDP 53: Used by the Domain Name System (DNS) for internal resource name resolution.
TCP 80: Required when using HTTP for CRLs.
TCP 21: Required when using FTP for CRLs.
Disable LDAP 389 and enforce LDAPS 636 in AD - Microsoft Q&A
It's normal behavior, port 389 will continue to be used by the client to send an LDAP ping during the DC Locator process in order to identify the closest domain controller and domain join. Please don't forget to accept the helpful answer.
LDAP session security settings and requirements after ADV190023 . . .
Sessions on ports 389 or 3268 or on custom LDS ports that don't use TLS/SSL for a Simple Authentication and Security Layer (SASL) bind.
Sessions that use TLS/SSL by using a predetermined port (636, 3269, or a custom LDS port), or standard ports (389, 3268, or a custom LDS port) that use the STARTTLS extended operation.
TCP and UDP ports required for communication between Domain Controllers . . .
UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
TCP and UDP Port 445 for Replication, User and Computer Authentication, Group Policy.
TCP and UDP Port 464 for Kerberos Password Change.
TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
Service overview and network port requirements for Windows
Important: This article contains several references to the default dynamic port range. In Windows Server 2008 and later versions, and in Windows Vista and later versions, the default dynamic port range changed to the following range:
Domain-joined machines can't detect the domain profile
Check if the machine can establish a TCP port 389 connection to the DC identified in the preceding step. Ensure that TCP port 389 is allowed in Windows Firewall. From an administrative command prompt or PowerShell window, run the following command to check if the TCP connection to the DC is successful:
Telnet <DCName or IP> 389
Using the PortQry command-line tool - Windows Server
LDAP (UDP port 389). NetBIOS Adapter status query (UDP port 137). In these cases, PortQry uses an ephemeral port for the second test. When this occurs, PortQry records "Using ephemeral source port" in its output. If the computer where PortQry is installed also runs the IPSec policy agent, UDP port 500 may not be available to use as a source port.