LDAP and Exchange port conflict


If you run Active Directory and Exchange on the same box, you probably have a problem with conflicting ports. Active Directory uses Lightweight Directory Access Protocol (LDAP), as does Exchange. Unfortunately, both try to use the same ports for LDAP communications, which causes miscommunication: TCP port 389 for client communications and TCP port 636 for secure client communications (SSL). When this happens, you will normally see problems in Exchange, but it could affect either or both. The event log will inform you of the “probable” port conflict by generating Event ID 1306 and Event ID 1309 errors, for the port 389 and port 636 conflicts, respectively.

You have a fine gotcha! on your hands. What to do? What to do?

From a security perspective, I would strongly recommend that you do not run any application, including Exchange or IIS, on a domain controller. If you can, move Exchange to a member server. If you must run both Active Directory and Exchange on the same server, see "How to Change LDAP Port Assignments in Exchange Server".

If you have a firewall and are trying to block LDAP port access, LDAP uses:


  • TCP port 389 for client communications
  • TCP port 636 for SSL communications
  • TCP port 3268 for communications to Global Catalog server
  • TCP port 3269 for SSL communications to Global Catalog server
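
To see which service actually holds each of these ports on a combined server, and whether the conflict events have been logged, the following is an added example (not from the original tip). It assumes Windows Server 2012 or later for `Get-NetTCPConnection`, and it assumes the events are written to the Application log, which the tip does not specify.

```powershell
# Added example: report which process owns each LDAP / Global Catalog listener.
# Port numbers and event IDs come from the tip above.
$ldapPorts = @{
    389  = 'LDAP'
    636  = 'LDAP over SSL'
    3268 = 'Global Catalog'
    3269 = 'Global Catalog over SSL'
}

# Collect only the listening sockets on the four ports of interest.
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ldapPorts.ContainsKey([int]$_.LocalPort) }

$report = foreach ($port in ($ldapPorts.Keys | Sort-Object)) {
    # A port can have more than one owner only when the processes bind
    # to different local addresses; otherwise the first service to start wins.
    $owners = @($listeners | Where-Object { $_.LocalPort -eq $port } |
        Select-Object -ExpandProperty OwningProcess -Unique)

    $names = foreach ($procId in $owners) {
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        if ($proc) { '{0} (PID {1})' -f $proc.ProcessName, $procId } else { "PID $procId" }
    }

    [pscustomobject]@{
        Port    = $port
        Purpose = $ldapPorts[$port]
        Owners  = if ($names) { $names -join ', ' } else { 'not listening' }
        Status  = if ($owners.Count -gt 1) { 'multiple owners' }
                  elseif ($owners.Count -eq 1) { 'single owner' }
                  else { 'free' }
    }
}
$report | Format-Table -AutoSize

# Look for the conflict events named in the tip.
# Assumption: they are recorded in the Application log.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1306, 1309 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, Message |
    Format-List
```

Run it from an elevated prompt on the server. A single owner on port 389 or 636 together with 1306 or 1309 events shows which service bound the port first and which one was left without it.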

