D.0 Network Ports Used by DSfW

This section discusses the network ports that are used by DSfW services to listen on for incoming network traffic. These ports are configured automatically after the DSfW installation.

Table D-1 Services and Network Ports used by DSfW


Port / Protocol

Microsoft-DS traffic

445/TCP, 445/UDP


389/TCP (or 636/TCP if using SSL)




88/TCP, 88/UDP


53/TCP, 53/UDP

RPC Endpoint Manager

135/TCP, 135/UDP

RCP Dynamic Assignments

1024 - 65535/TCP

Global Catalog LDAP


Global Catalog LDAP over SSL


Network Time Protocol


NetBIOS Name Service

137/TCP, 137/UDP

NetBIOS Datagram Service

138/TCP, 138/UDP

NetBIOS Session Service

139/TCP, 139/UDP

Domain Service Daemon


The RPC dynamic assignment rule allows inbound traffic on any port above 1023. If your firewall permits this, there is very little reason to enable a firewall. However, you can force xadsd to use a specific port by using the -p option. Otherwise, RPC ports are ephemeral.

After restarting the DNS server, refer to Section 8.0, Activities After DSfW Installation or Provisioning to verify that eDirectory and DSfW have been installed and configured correctly.

IMPORTANT:After installing DSfW server into a partition in which you want to configure a domain, the DSfW server holds the master replica of that partition. This is required because the master replica holds the FSMO roles for the domain.