Q. I have an internal firewall between sections of my network. What ports must I open to allow user and computer account authentication?

A. Basic authentication on a network consists of several steps. First, the client locates a domain controller (DC), which requires DNS connectivity (port 53 on UDP and TCP). Next, the client performs a connectivity test by using a Lightweight Directory Access Protocol (LDAP) Ping (port 389 over UDP). Then, the client uses Kerberos (port 88 via UDP and TCP) and Server Message Block (SMB, port 445 via UDP and TCP) to complete the authentication to the DC. Therefore, you must enable all these ports.
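
As an added example (not part of the original answer), the following Python checks a first-match, default-deny rule list against the flows listed above and reports which ones the firewall would still block, including an allow rule shadowed by an earlier deny. The rule format, the sample policy and the function names are assumptions made for illustration.

```python
# Flows taken from the answer above: (protocol, port, purpose).
REQUIRED_FLOWS = [
    ("udp", 53, "DNS"), ("tcp", 53, "DNS"),
    ("udp", 389, "LDAP Ping"),
    ("udp", 88, "Kerberos"), ("tcp", 88, "Kerberos"),
    ("udp", 445, "SMB"), ("tcp", 445, "SMB"),
]

# Constructed sample policy; the "<action> <proto> <ports>" format is hypothetical.
SAMPLE_RULES = """
allow udp 53
allow tcp 53,80-90   # the range happens to cover 88/tcp
deny any 445         # shadows the allow on the next line
allow tcp 445
allow udp 389
"""


def parse_rules(text):
    """Return [(action, proto, [(lo, hi), ...])], skipping blanks and comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, ports = line.lower().split()
        if action not in ("allow", "deny") or proto not in ("tcp", "udp", "any"):
            raise ValueError(f"unrecognised rule: {raw!r}")
        parts = (p.partition("-") for p in ports.split(","))
        rules.append((action, proto, [(int(lo), int(hi or lo)) for lo, _, hi in parts]))
    return rules


def is_allowed(rules, proto, port):
    """First matching rule decides; no match means the default deny applies."""
    for action, rule_proto, ranges in rules:
        if rule_proto in (proto, "any") and any(lo <= port <= hi for lo, hi in ranges):
            return action == "allow"
    return False


def blocked_flows(rules_text):
    """List the required authentication flows the policy does not permit."""
    rules = parse_rules(rules_text)
    return [f for f in REQUIRED_FLOWS if not is_allowed(rules, f[0], f[1])]


if __name__ == "__main__":
    for proto, port, why in blocked_flows(SAMPLE_RULES):
        print(f"blocked: {port}/{proto} ({why})")
```
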
