Port used for Active Directory authentication against Domain Controllers

Hi All,

I'd like to know if anyone can let me know which IP address or server is currently using Active Directory integrated domain authentication? I'm running Wireshark for one week to get the data on which servers are using AD authentication mode.

Is there any port number that is used by the application to connect to the domain controller for DomainMode enumeration?

Because when I look into the Event viewer in all of the domain controllers, I'm overwhelmed and confused myself.

Senior IT System Engineer, IT Professional, Asked:

Ganesamoorthy S, Tech Lead, Commented:
Use the command below to find the current authentication DC name

Nltest /dsgetdc:DomainName or Set L

For AD port


Senior IT System Engineer, IT Professional, Author Commented:
OK, so if I run the command above, is there any outage?
Ganesamoorthy S, Tech Lead, Commented:
No outage from running the above command; this will list the current logon DC with site and other details

Will Szymkowski, Senior Solution Architect, Commented:
What are you trying to achieve here? All domain objects are going to use AD for authentication. Also use the port list from the official TechNet which provides more detail.


You can also use netstat >> c:\results.txt to find the machines that are authenticating to a DC based on the ports they are using at the current time.
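
One way to turn that netstat output into a list of clients per AD service, as an added example that is not part of the original thread. It assumes numeric output from `netstat -ano` run on the domain controller and the well-known AD TCP port assignments; the function name and the sample lines are constructed for illustration.

```powershell
# Well-known TCP ports served by a domain controller.
$AdPorts = @{
    88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'; 445 = 'SMB'
    464 = 'Kerberos password change'; 636 = 'LDAPS'
    3268 = 'Global Catalog'; 3269 = 'Global Catalog (SSL)'
}
# Kerberos and LDAP binds are short-lived, so recently closed sessions count too.
$States = 'ESTABLISHED', 'TIME_WAIT'

# Hypothetical helper: emits one object per inbound client connection to an AD port.
function Get-AdClientConnection {
    param([string[]]$NetstatLine)
    foreach ($line in $NetstatLine) {
        # Columns: Proto  Local Address  Foreign Address  State  PID
        if ($line -notmatch '^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)') { continue }
        $localPort = [int]$Matches[2]
        $remote    = $Matches[3]
        $state     = $Matches[5]
        if ($States -notcontains $state) { continue }          # skip LISTENING etc.
        if (-not $AdPorts.ContainsKey($localPort)) { continue } # not an AD service
        if ('127.0.0.1', '[::1]' -contains $remote) { continue } # the DC talking to itself
        New-Object PSObject -Property @{
            Client = $remote; Port = $localPort; Service = $AdPorts[$localPort]
        }
    }
}

# Constructed sample; on a real DC use: $lines = netstat -ano
# or: $lines = Get-Content C:\results.txt
$lines = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       612
  TCP    10.0.0.10:389          10.0.0.51:49212        ESTABLISHED     612
  TCP    10.0.0.10:445          10.0.0.51:49300        ESTABLISHED     4
  TCP    10.0.0.10:88           10.0.0.52:50110        TIME_WAIT       0
  TCP    10.0.0.10:3389         10.0.0.99:51000        ESTABLISHED     1200
  TCP    10.0.0.10:3268         10.0.0.60:49877        ESTABLISHED     612
'@ -split "`r?`n"

# One line per client with the AD services it was seen using.
Get-AdClientConnection -NetstatLine $lines | Group-Object Client | ForEach-Object {
    $services = $_.Group | Select-Object -ExpandProperty Service | Sort-Object -Unique
    '{0,-12} {1}' -f $_.Name, ($services -join ', ')
}
```

A single netstat run is a snapshot, so the list only covers clients connected at that moment; repeated runs over the observation period are needed to catch servers that authenticate infrequently.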

Senior IT System Engineer, IT Professional, Author Commented:
I'm raising domain functionality level from 2003 to 2008R2 Will.

So I need to know which server it application is authenticating regularly against my AD domain controllers.

Any .NET Framework older than 4.0 will have an issue in 2008R2 domain functionality level.
Will Szymkowski, Senior Solution Architect, Commented:
Where did you read that upgrading the functional level affects .NET Framework lower than 4.0? Upgrading the functional level only affects the Domain controllers and the features that are "unlocked". It does not affect member servers or workstations.

Senior IT System Engineer, IT Professional, Author Commented:
This one Will:


So I wonder if Exchange Server 2010 SP3 needs to be restarted as well and apply the patch or hotfix too.
Will Szymkowski, Senior Solution Architect, Commented:
Ok, thanks for the link. Looking at the link above, it only applied to very specific machines (2003/2008SP2); anything above that does not apply. Also the application will only be affected if it is using "DomainMode Enumeration". That being said, why not just apply the HotFix available to your machines that are 2008SP2 and 2003?

Seems logical.

So I wonder if Exchange Server 2010 SP3 needs to be restarted as well and apply the patch or hotfix too.

If you are running 2008SP2 for your Exchange 2010 server then apply the patch. See the other link below for helpful info.



Senior IT System Engineer, IT Professional, Author Commented:

Luckily all of my Exchange Servers 2010 SP3 are running on Windows Server 2008 R2 non-SP1 and also all of the Application Servers are running Windows Server 2008 R2 SP1, so I guess I do not need to apply the patch above :-)

Also I do not even need to restart Exchange server services after the raise.
Will Szymkowski, Senior Solution Architect, Commented:
That is correct.

Senior IT System Engineer, IT Professional, Author Commented:
Thanks Guys !