Azure AD Connect and On-premises AD

| Protocol | Ports | Description |
| --- | --- | --- |
| DNS | 53 (TCP/UDP) | DNS lookups on the destination forest. |
| Kerberos | 88 (TCP/UDP) | Kerberos authentication to the AD forest. |
| MS-RPC | 135 (TCP/UDP) | Used during the initial configuration of the Azure AD Connect wizard when it binds to the AD forest, and also during Password synchronization. |
| LDAP | 389 (TCP/UDP) | Used for data import from AD. Data is encrypted with Kerberos Sign & Seal. |
| RPC | 445 (TCP/UDP) | Used by Seamless SSO to create a computer account in the AD forest. |
| LDAP/SSL | 636 (TCP/UDP) | Used for data import from AD. The data transfer is signed and encrypted. Only used if you are using SSL. |
| RPC | 49152-65535 (Random high RPC Port) (TCP/UDP) | Used during the initial configuration of Azure AD Connect when it binds to the AD forests, and during Password synchronization. See KB929851, KB832017, and KB224196 for more information. |
Azure AD Connect and Azure AD

| Protocol | Ports | Description |
| --- | --- | --- |
| HTTP | 80 (TCP/UDP) | Used to download CRLs (Certificate Revocation Lists) to verify SSL certificates. |
| HTTPS | 443 (TCP/UDP) | Used to synchronize with Azure AD. |
For a list of the URLs and IP addresses you need to open in your firewall, see Office 365 URLs and IP address ranges.
Azure AD Connect and AD FS Federation Servers/WAP

| Protocol | Ports | Description |
| --- | --- | --- |
| HTTP | 80 (TCP/UDP) | Used to download CRLs (Certificate Revocation Lists) to verify SSL certificates. |
| HTTP | 443 (TCP/UDP) | Used to synchronize with Azure AD. |
| WinRM | 5985 | WinRM Listener |
WAP and Federation Servers

| Protocol | Ports | Description |
| --- | --- | --- |
| HTTPS | 443 (TCP/UDP) | Used for authentication. |
WAP and Users

| Protocol | Ports | Description |
| --- | --- | --- |
| HTTPS | 443 (TCP/UDP) | Used for device authentication. |
| TCP | 49443 (TCP) | Used for certificate authentication. |
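As an added example (not part of the original page), the following PowerShell script, run on the Azure AD Connect server, probes the TCP ports from the tables above and reports which ones are blocked; the host names are placeholders, the Azure AD endpoint `login.microsoftonline.com` is assumed as one representative sync endpoint (the full list is in the Office 365 URLs and IP address ranges article), and the AD FS/WAP checks only apply if you use federation.

```powershell
# Added example, not from the original page. Test-NetConnection only probes TCP,
# so the UDP side of DNS/Kerberos is not covered; the dynamic RPC range
# (49152-65535) cannot be walked port by port, so only the endpoint mapper (135)
# is checked and the high range must be verified in the firewall rule itself.
$dc   = 'dc01.corp.example'    # placeholder: a domain controller in the destination forest
$adfs = 'adfs01.corp.example'  # placeholder: AD FS / WAP server (federation only)
$aad  = 'login.microsoftonline.com'  # assumed representative Azure AD endpoint

$checks = @(
    @{ Target = $dc;   Port = 53;   Purpose = 'DNS lookups (TCP side)' },
    @{ Target = $dc;   Port = 88;   Purpose = 'Kerberos authentication' },
    @{ Target = $dc;   Port = 135;  Purpose = 'MS-RPC endpoint mapper (wizard / password sync)' },
    @{ Target = $dc;   Port = 389;  Purpose = 'LDAP import (Kerberos Sign & Seal)' },
    @{ Target = $dc;   Port = 445;  Purpose = 'Seamless SSO computer account creation' },
    @{ Target = $dc;   Port = 636;  Purpose = 'LDAP/SSL import' },
    @{ Target = $aad;  Port = 80;   Purpose = 'CRL download' },
    @{ Target = $aad;  Port = 443;  Purpose = 'Azure AD synchronization' },
    @{ Target = $adfs; Port = 443;  Purpose = 'AD FS HTTPS' },
    @{ Target = $adfs; Port = 5985; Purpose = 'WinRM listener' }
)

$results = foreach ($c in $checks) {
    # TcpTestSucceeded is $false both when the port is filtered and when the name does not resolve
    $r = Test-NetConnection -ComputerName $c.Target -Port $c.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target  = $c.Target
        Port    = $c.Port
        Purpose = $c.Purpose
        Open    = [bool]$r.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize

$blocked = $results | Where-Object { -not $_.Open }
if ($blocked) {
    $list = ($blocked | ForEach-Object { "$($_.Target):$($_.Port) ($($_.Purpose))" }) -join ', '
    Write-Warning "Unreachable from this host: $list"
}
```

A port reported as open here only proves a TCP handshake completes; it does not confirm that the AD FS or Azure AD service behind it accepts the Azure AD Connect account, so a failed sync after a clean run still needs the service-side logs.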