Fixing Active Directory Sync: PeoplePicker Port Tester Guide


The People Picker Port Tester is a lightweight, open-source utility designed specifically to verify that all necessary network paths between SharePoint servers and Active Directory (AD) Domain Controllers are fully operational. Firewall blocks and restricted port access are the leading causes behind a lagging or broken SharePoint People Picker.

Why Use the Port Tester Tool?

When a user types a name into the SharePoint People Picker, the SharePoint server queries Domain Controllers via multiple complex protocols (such as RPC, LDAP, and Kerberos). Traditional terminal commands like ping only test basic server presence, failing to verify whether the critical individual ports are actually blocked by a firewall. The People Picker Port Tester (available on GitHub) automates the scanning of all required Active Directory ports from a SharePoint perspective.

The Ports Inspected by the Tool

For the People Picker to query local or cross-forest domains smoothly, the tool evaluates communication across the following core ports:

Protocol / Service          Port Number      Traffic Type
RPC / Endpoint Mapper
NetBIOS Name Service        137, 138, 139
LDAP (Standard)
LDAP (SSL/TLS)
LDAP Global Catalog
LDAP Global Catalog SSL
DNS
Kerberos
SMB / Directory Services

How to Use the People Picker Port Tester

Step 1: Run the Tool on the Right Server

Execute from the SharePoint Farm: Always download and run the tool directly on your SharePoint Front-End (WFE) or Application servers.

Do not run it from your local machine, as client machines do not require direct port access to remote domain controllers for People Picker lookups.

Step 2: Input Target Domain Credentials

Open the application.

In the target field, provide the Fully Qualified Domain Name (FQDN) or IP address of the target Domain Controller.

If checking a cross-forest or trusted domain relationship, specify the target domain credentials to mirror how SharePoint queries the directory.

Step 3: Scan and Analyze the Matrix Results

Click the execution button to test the ports. The tool generates a color-coded matrix:

Green (Open): The port accepts traffic. The network path is fully transparent.

Red (Closed/Filtered): The port is actively blocked by a network firewall, local Windows Firewall, or the destination service is stopped.

Alternative: Testing Ports via PowerShell

If you are unable to download external tools into your server environment, you can test specific TCP connections natively using PowerShell:

```powershell
# Testing standard LDAP connectivity to a Domain Controller
Test-NetConnection -ComputerName "DC.contoso.local" -Port 389
```

(Look for TcpTestSucceeded : True in the command output to verify the port is open.)
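The single-port command above scales poorly when you need the whole matrix. The following script is an added example, not code from the Port Tester project: it sweeps the TCP ports the People Picker depends on against one or more Domain Controllers and prints an Open / Closed-Filtered result per port. It assumes the standard Active Directory port numbers from Microsoft's AD port requirements (these are not taken from this page) and, like the tool, is meant to run on a SharePoint WFE or Application server.

```powershell
# Added example, not code from the Port Tester project: sweep the TCP ports the
# People Picker depends on against one or more Domain Controllers. Run it on a
# SharePoint WFE or Application server, not on a client machine. Port numbers
# are the standard Active Directory ports (assumed from Microsoft's AD port
# requirements, not taken from this page); adjust to match your environment.
param(
    [Parameter(Mandatory = $true)][string[]]$DomainController
)

# TCP only: Test-NetConnection cannot probe UDP, so the UDP paths (NetBIOS
# 137/138, DNS 53/udp, Kerberos 88/udp) still need a firewall-rule review.
$RequiredPorts = @(
    @{ Service = 'RPC / Endpoint Mapper';    Port = 135  },
    @{ Service = 'NetBIOS Session Service';  Port = 139  },
    @{ Service = 'LDAP (Standard)';          Port = 389  },
    @{ Service = 'LDAP (SSL/TLS)';           Port = 636  },
    @{ Service = 'LDAP Global Catalog';      Port = 3268 },
    @{ Service = 'LDAP Global Catalog SSL';  Port = 3269 },
    @{ Service = 'DNS';                      Port = 53   },
    @{ Service = 'Kerberos';                 Port = 88   },
    @{ Service = 'SMB / Directory Services'; Port = 445  }
)

function Test-AdPort {
    param([string]$Computer, [int]$Port)
    # -InformationLevel Quiet returns only the TcpTestSucceeded boolean;
    # -WarningAction hides the per-port "TCP connect failed" warning.
    $ok = Test-NetConnection -ComputerName $Computer -Port $Port `
          -InformationLevel Quiet -WarningAction SilentlyContinue
    if ($ok) { 'Open' } else { 'Closed/Filtered' }
}

$results = foreach ($dc in $DomainController) {
    foreach ($entry in $RequiredPorts) {
        [pscustomobject]@{
            DomainController = $dc
            Service          = $entry.Service
            Port             = $entry.Port
            Result           = Test-AdPort -Computer $dc -Port $entry.Port
        }
    }
}

$results | Format-Table -AutoSize

# Exit non-zero when any path is blocked so the sweep can gate a farm health check.
if ($results | Where-Object { $_.Result -ne 'Open' }) { exit 1 }
```

A Closed/Filtered result only tells you the TCP handshake failed; whether a firewall dropped it or the service on the Domain Controller is stopped still has to be confirmed on the DC side.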

If the Port Tester reveals closed connections, work with your network security team to explicitly open the required TCP and UDP ports between the entire SharePoint IP subnet and the target Domain Controllers.

Are you experiencing issues with a local domain or a cross-forest trusted domain? If you share the specific error message or SharePoint version you are running, I can provide tailored configuration steps.

Reference: SharePoint People Picker Ports – Josh Roark
