The ports and protocols for DRA communication are provided in this section.
Configurable ports are indicated with one asterisk *
Ports requiring a certificate are indicated with two asterisks **
Component tables:
|
Protocol and Port |
Direction |
Destination |
Usage |
|---|---|---|---|
|
TCP 135 |
Bi-directional |
DRA Administration Servers |
End-point mapper, a basic requirement for DRA communication; enables Administration servers to locate each other in MMS |
|
TCP 445 |
Bi-directional |
DRA Administration Servers |
Delegation model replication; file replication during MMS synchronization (SMB) |
|
Dynamic TCP port range * |
Bi-directional |
Microsoft Active Directory domain controllers |
By default, DRA assigns ports dynamically from the TCP port range of 1024 through 65535. You can, however, configure this range by using Component Services. For more information, see Using Distributed COM with Firewalls. |
|
TCP 50000 * |
Bi-directional |
DRA Administration Servers |
Attribute replication and DRA server-AD LDS communication. (LDAP) |
|
TCP 50001 * |
Bi-directional |
DRA Administration Servers |
SSL attribute replication (AD LDS) |
|
TCP/UDP 389 |
Outbound |
Microsoft Active Directory domain controllers |
Active Directory object management (LDAP) |
|
Outbound |
Microsoft Exchange Server |
Mailbox management (LDAP) |
|
|
TCP/UDP 53 |
Outbound |
Microsoft Active Directory domain controllers |
Name resolution |
|
TCP/UDP 88 |
Outbound |
Microsoft Active Directory domain controllers |
Allows authentication from the DRA Server to the domain controllers (Kerberos) |
|
TCP 80 |
Outbound |
Microsoft Exchange Server |
Needed for all on-premises Exchange servers 2013 and later (HTTP) |
|
Outbound |
Microsoft Office 365 |
Remote PowerShell access (HTTP) |
|
|
TCP 443 |
Outbound |
Microsoft Office 365, Change Guardian |
Graph API access and Change Guardian Integration (HTTPS) |
|
TCP 443, 5986, 5985 |
Outbound |
Microsoft PowerShell |
Native PowerShell cmdlets (HTTPS) and PowerShell Remoting |
|
TCP 5984 |
Localhost |
DRA Administration Servers |
IIS access to the Replication Service to support temporary group assignments |
|
TCP 8092 * ** |
Outbound |
Workflow Server |
Workflow status and triggering (HTTPS) |
|
TCP 50101 * |
Inbound |
DRA Client |
Right-Click Change History report to UI Audit Report. Can be configured during installation. |
|
TCP 8989 |
Localhost |
Log Archive Service |
Log archive communication (does not need to be opened through the firewall) |
|
TCP 50102 |
Bi-directional |
DRA Core Service |
Log Archive Service |
|
TCP 50103 |
Localhost |
DRA Cache Service |
Cache service communication on the DRA server (does not need to be opened through the firewall) |
|
TCP 1433 |
Outbound |
Microsoft SQL Server |
Reporting data collection |
|
UDP 1434 |
Outbound |
Microsoft SQL Server |
SQL Server browser service uses this port to identify the port for the named instance. |
|
TCP 8443 |
Bi-directional |
Change Guardian Server |
Unified Change History |
|
TCP 8898 |
Bi-directional |
DRA Administration Servers |
DRA Replication Service communication between DRA servers for temporary group assignments |
|
TCP 636 |
Outbound |
Microsoft Active Directory domain controllers |
Active Directory object management (LDAP SSL). |
|
Protocol and Port |
Direction |
Destination |
Usage |
|---|---|---|---|
|
TCP 8755 * ** |
Inbound |
IIS Server, DRA PowerShell cmdlets |
Execute DRA REST-based workflow activities (ActivityBroker) |
|
TCP 11192 * ** |
Outbound |
DRA Host Service |
For communication between DRA REST Service and DRA Administration Service |
|
TCP 135 |
Outbound |
Microsoft Active Directory domain controllers |
Autodiscovery using Service Connection Point (SCP) |
|
TCP 443 |
Outbound |
Microsoft AD Domain Controllers |
Autodiscovery using Service Connection Point (SCP) |
|
Protocol and Port |
Direction |
Destination |
Usage |
|---|---|---|---|
|
TCP 8755 * ** |
Outbound |
DRA REST Service |
For communication betweeen DRA Web Console, DRA PowerShell, and DRA Host Service |
|
TCP 443 |
Inbound |
Client Browser |
Opening a DRA web site |
|
TCP 443 ** |
Outbound |
Advanced Authentication Server |
Advanced Authentication |
|
Protocol and Port |
Direction |
Destination |
Usage |
|---|---|---|---|
|
TCP 135 |
Outbound |
Microsoft Active Directory domain controllers |
Autodiscovery using SCP |
|
Dynamic TCP port range * |
Outbound |
DRA Administration Servers |
DRA Adapter workflow activities. By default, DCOM assigns ports dynamically from the TCP port range of 1024 through 65535. You can, however, configure this range by using Component Services. For more information, see Using Distributed COM with Firewalls (DCOM) |
|
TCP 50102 |
Outbound |
DRA Core Service |
Change History report generation |
|
Protocol and Port |
Direction |
Destination |
Usage |
|---|---|---|---|
|
TCP 8755 |
Outbound |
DRA Administration Servers |
Execute DRA REST-based workflow activities (ActivityBroker) |
|
Dynamic TCP port range * |
Outbound |
DRA Administration Servers |
DRA Adapter workflow activities. By default, DCOM assigns ports dynamically from the TCP port range of 1024 through 65535. You can, however, configure this range by using Component Services. For more information, see Using Distributed COM with Firewalls (DCOM) |
|
TCP 1433 |
Outbound |
Microsoft SQL Server |
Workflow data storage |
|
TCP 8091 |
Inbound |
Operations Console and Configuration Console |
Workflow BSL API (TCP) |
|
TCP 8092 ** |
Inbound |
DRA Administration Servers |
Workflow BSL API (HTTP) and (HTTPS) |
|
TCP 2219 |
Localhost |
Namespace Provider |
Used by the Namespace Provider to run adapters |
|
TCP 9900 |
Localhost |
Correlation Engine |
Used by the Correlation Engine to communicate with the Workflow Engine and Namespace Provider |
|
TCP 10117 |
Localhost |
Resource Management Namespace Provider |
Used by the Resource Management Namespace Provider |