System requirements for ADSelfService Plus
This page outlines the hardware, software, and network requirements to install and run ManageEngine ADSelfService Plus effectively. Ensure your environment meets these specifications for optimal performance and stability.
Hardware requirements
Ensure that the server designated for ADSelfService Plus installation meets the following hardware specifications:
| Component | Minimum requirements | Recommended requirements |
|---|---|---|
| Processor and cores | 2.4 GHz, 2 cores | 3 GHz, 4 cores |
| RAM | 8 GB | 16 GB or higher |
| Disk Space | 100 GB (SSD preferred) | 200 GB (SSD preferred) |
Note: These requirements vary depending on the number of users, domains, and configured modules. For large-scale deployments, contact support@adselfserviceplus.com for sizing guidance.
Software requirements
Supported platforms
ManageEngine ADSelfService Plus can be installed on the following Windows operating systems:
| Windows server editions | Windows client editions |
|---|---|
| Windows Server 2025 | Windows 11 |
| Windows Server 2022 | Windows 10 |
| Windows Server 2019 | Windows 8.1 |
| Windows Server 2016 | Windows 8 |
| Windows Server 2012 R2 | Windows 7 |
| Windows Server 2012 | |
| Windows Server 2008 R2 |
Supported browsers
Internet Explorer 11 and above
Firefox 4 and above
Chrome 10 and above
Microsoft Edge
Note: The admin portal is not supported in Internet Explorer. Use Firefox, Chrome, or Microsoft Edge to access the admin portal.
Supported databases
ADSelfService Plus includes a built-in PostgreSQL database for storing user enrollment information, domain configurations, certain AD attribute values, and ADSelfService Plus reports data. For enterprise environments, you can also configure an external Microsoft SQL or PostgreSQL database to store this data. The supported database versions are:
PostgreSQL
| ADSelfService Plus build number | Supported PostgreSQL versions |
|---|---|
| 6513 and above | PostgreSQL 14.x and 15.x |
| 6500 to 6512 | PostgreSQL 12, 13 and 14 |
| 6100 to 6410 | PostgreSQL 9.4-9.6, 10.0-10.15, and 11.0-11.7 |
| 5500 to 6013 | PostgreSQL 9.2-9.6 |
Microsoft SQL
| ADSelfService Plus build number | Supported MS SQL versions |
|---|---|
| 6500 and above | Microsoft SQL Server 2012 and above |
| 5500 to 6410 | Microsoft SQL Server 2005 and above |
Note: If your ADSelfService Plus server is using a MySQL database, we recommend migrating to PostgreSQL. Contact the support team at support@adselfserviceplus.com to know more.
Screen resolution
For the best user experience, we recommend a minimum screen resolution of 1024 x 768 pixels.
Login agent requirements
The ADSelfService Plus login agent enables password self-service and multi-factor authentication (MFA) directly from the machine login screen.
Supported platforms
The login agent can be installed on the following platforms:
| Windows servers | Windows clients | macOS clients | Linux clients |
|---|---|---|---|
| Windows Server 2025 | Windows 11 | macOS 26 Tahoe** | SLES/SLED 12.x to 15.x and openSUSE Leap 15.6 * |
| Windows Server 2022 | Windows 10 | macOS 15 Sequoia | Red Hat Enterprise Linux 8.x-9.x* |
| Windows Server 2019 | Windows 8.1 | macOS 14 Sonoma | Rocky Linux 8.x-9.x* |
| Windows Server 2016 | Windows 8 | macOS 13 Ventura | Ubuntu 16.x-20.04.4 |
| Windows Server 2012 R2 | Windows 7 | macOS 12 Monterey | Fedora 27.x-31.x |
| Windows Server 2012 | Windows Vista | macOS 11 Big Sur | CentOS 7.x-8.x and CentOS Stream 9.x |
| Windows Server 2008 R2 | macOS 10.15 Catalina | ||
| Windows Server 2008 | macOS 10.14 Mojave | ||
| macOS 10.13 High Sierra | |||
| macOS 10.12 Sierra | |||
| OS X 10.11 El Capitan | |||
| OS X 10.10 Yosemite |
* Linux platform support
- On SLES/SLED 12.x to 15.x, openSUSE Leap 15.6, Red Hat Enterprise Linux and Rocky Linux, the login agent currently supports machine login MFA. Password self-service from the login screen is not yet available for these platforms.
- Official testing covers only the Linux distributions listed above, though the agent may also run on other Linux distributions. To confirm compatibility with your distribution, contact support@adselfserviceplus.com.
- ** The macOS login agent is presently unavailable for installation via the admin portal on macOS Tahoe 26.3 and later versions because of an SSH flaw in those versions of macOS; however, it can be installed using alternative methods.
Port requirements
For ADSelfService Plus to function correctly, please ensure the following ports are open in your firewall to allow communication between the product's server and its various components.
Server and domain controller ports
The following ports must be opened on the ADSelfService Plus server, DNS server, DHCP server, email server, and domain controllers.
| Port | Protocol | Service/Purpose | Connection outbound from | Connection inbound to | Feature |
|---|---|---|---|---|---|
| Varies (SMTP port) | TCP | Email communication. This port is not mandatory and is to be enabled only if the mail server is going to be configured in ADSelfService Plus for sending notifications and verification codes. | ADSelfService Plus server | Email server | |
| 42 | TCP | Host name server protocol | ADSelfService Plus server | Domain controller | |
| 53 | TCP/UDP | DNS resolution | ADSelfService Plus server | DNS server | Domain configuration |
| 67 | UDP | Used to fetch information | ADSelfService Plus server | DHCP server | |
| 88 | TCP/UDP | Kerboros authentication. Used to fetch information on user and computer authentication. | ADSelfService Plus server | Domain controller | User authentication |
| 135 | TCP | RPC endpoint mapper | ADSelfService Plus server | Domain controller | Windows login agent installation, NTLM SSO |
| 137-139 | TCP/UDP | NetBIOS name resolution and Netlogon. | ADSelfService Plus server | Domain controller | Domain configuration |
| 389 | TCP/UDP | LDAP communication. Used to fetch information related to the directory, user and computer authentication, and Group Policy. | ADSelfService Plus server | Domain controller | LDAP communication |
| 445 | TCP/UDP | SMB in Netlogon service communication | ADSelfService Plus server | Domain controller | Windows login agent installation, NTLM SSO |
| 464 | TCP/UDP | Kerboros password changes or resets. Used to change or set user passwords | ADSelfService Plus server | Domain controller | Password reset and change password |
| 593 | TCP | RPC over HTTPS | ADSelfService Plus server | Domain controller | |
| 636 | TCP | Used to fetch information on Group Policy and user and computer authentication. | ADSelfService Plus server | Domain controller | |
| 2535 | TCP | DHCP | ADSelfService Plus server | Domain controller | |
| 3268 -3269 | TCP | LDAP/LDAPS Global Catalog. Used to fetch information related to the directory, user authentication, computer authentication, and Group Policy. | ADSelfService Plus server | Domain controller | |
| 49152-65535 (1025-5000 for Windows 2000 XP and Windows Server 2003) | TCP | RPC for AD communication and Microsoft SQL named instances.Used for AD communication and for Microsoft SQL Server named instances | ADSelfService Plus server | Domain controller | Dynamic ports for AD communication |
| 5985 | WinRM - HTTP | Used for PowerShell remoting. | ADSelfService Plus server | Domain controller | |
| 5986 | WinRM - HTTPS | Used for secure PowerShell remoting. | ADSelfService Plus server | Domain controller | |
| 7800 | TCP | Used for communication between ADSelfService Plus instances in a load-balanced setup. | ADSelfService Plus server | ADSelfService Plus server (Load Balancer) |
Push notifications ports
Open these ports only if you are using push notifications in the ADSelfService mobile app.
| Port | Protocol | Purpose | Connection outbound from | Connection inbound to |
|---|---|---|---|---|
| 443, 5223, 2197 | HTTPS | Apple push notifications | ADSelfService Plus | api.push.apple.com |
| 443, 5228, 5229, 5230, and 80 | HTTPS | Android push notifications | ADSelfService Plus | fcm.googleapis.com, oauth2.googleapis.com |
External MS SQL database ports
Open the following ports if an external Microsoft SQL database is used.
| Port | Protocol | Purpose | Connection outbound from | Connection inbound to |
|---|---|---|---|---|
| 1433 | TCP | To communicate with the Microsoft SQL Server default instance | ADSelfService Plus server | Microsoft SQL server |
| 1434 | UDP | To communicate with the Microsoft SQL Server browser service | ADSelfService Plus server | Microsoft SQL server |
User machine and agent ports
These ports need to be open on computers that will access the ADSelfService Plus user portal or have the login agent or the password sync agent installed. The port numbers listed below are the default port numbers for HTTP and HTTPS connections. You can configure ADSelfService Plus to use different ports if needed. In that case, ensure to open the custom ports configured.
| Port | Protocol | Services | Connection Outbound From | Connection Inbound To |
|---|---|---|---|---|
| 8888 <or> {customized port| | TCP | HTTP | ADSelfService Plus web client; Windows, macOS, and Linux login agent; and password sync agent | ADSelfService Plus server |
| 9251 <or> {customized port| | TCP | HTTPS | ADSelfService Plus web client; Windows, macOS, and Linux login agent; and password sync agent | ADSelfService Plus server |
Firewall settings
To ensure that ADSelfService Plus can receive updates, security patches, and support, it is recommended to allow the following domains and endpoints in your firewall.
| Domain | Endpoint | Purpose |
|---|---|---|
| *.zoho.in | https://creator.zoho.in | To download product updates and apply security patches. To enable talkback and support requests. To collect anonymous product usage statistics for product improvement. |
| *.zoho.in | https://salesiq.zohopublic.in/ | Used for the Live Chat feature in the Support tab. |
| *.manageengine.com | https://pitstop.manageengine.com | Displays recent forum posts and announcements in the Support tab. |
| *.manageengine.com | https://updates.manageengine.com | Used to import certificates required to verify the integrity of service packs. |
| *.manageengine.com | https://www.manageengine.com/products/self-service-password/release-notes.html | Provides access to the latest product release notes. |
| *.manageengine.com | https://www.manageengine.com/products/self-service-password/help/ | Links to the official product online admin guide. |
| *.zohocorp.com | https://uploads.zohocorp.com | Used to download patch files, if any |
| *.zohocorp.com | https://bonitas.zohocorp.com/ | Facilitates the upload of log files for troubleshooting by the support team. |
Note: If you are using OAuth or OpenID Connect (OIDC) SSO, also allow the authorization, token, and user-info endpoint URLs of each configured OAuth/OIDC application or identity provider through your firewall. These endpoints vary by application and can be found under Configuration > Self-Service > Password Sync/Single Sign On > [Application] > Edit > IdP Details.