Free EditionThis page outlines the hardware, software, and network requirements to install and run ManageEngine ADSelfService Plus effectively. Ensure your environment meets these specifications for optimal performance and stability.
Ensure that the server designated for ADSelfService Plus installation meets the following hardware specifications:
| Component | Minimum requirements | Recommended requirements |
| Processor and cores | 2.4 GHz, 2 cores | 3 GHz, 4 cores |
| RAM | 8 GB | 16 GB |
| Disk Space | 100 GB (SSD preferred) | 200 GB (SSD preferred) |
ManageEngine ADSelfService Plus can be installed on the following Windows operating systems:
| Windows server editions | Windows client editions |
| Windows Server 2025 | Windows 11 |
| Windows Server 2022 | Windows 10 |
| Windows Server 2019 | Windows 8.1 |
| Windows Server 2016 | Windows 8 |
| Windows Server 2012 R2 | Windows 7 |
| Windows Server 2012 | |
| Windows Server 2008 R2 |
Access the ADSelfService Plus web portal using one of these supported browsers:
ADSelfService Plus includes a built-in PostgreSQL database for storing user enrollment information, domain configurations, certain AD attribute values, and ADSelfService Plus reports data. For enterprise environments, you can also configure an external Microsoft SQL or PostgreSQL database to store this data. The supported database versions are:
PostgreSQL
| ADSelfService Plus build number | Supported PostgreSQL versions |
| 6513 and above | PostgreSQL 14.x and 15.x |
| 6500 to 6512 | PostgreSQL 12, 13 and 14 |
| 6100 to 6410 | PostgreSQL 9.4-9.6, 10.0-10.15, and 11.0-11.7 |
| 5500 to 6013 | PostgreSQL 9.2-9.6 |
Microsoft SQL
| ADSelfService Plus build number | Supported MS SQL versions |
| 6500 and above | Microsoft SQL Server 2012 and above |
| 5500 to 6410 | Microsoft SQL Server 2005 and above |
Screen resolution:
For the best user experience, we recommend a minimum screen resolution of 1024 x 768 pixels.
The ADSelfService Plus login agent enables password self-service and multi-factor authentication (MFA) directly from the machine login screen.
The login agent can be installed on the following platforms:
| Windows servers | Windows clients | macOS clients | Linux clients |
| Windows Server 2025 | Windows 11 | macOS 26 Tahoe ** | SLES/SLED 12.x to 15.x and openSUSE Leap 15.6 * |
| Windows Server 2022 | Windows 10 | macOS 15 Sequoia | Red Hat Enterprise Linux 8.x-9.x* |
| Windows Server 2019 | Windows 8.1 | macOS 14 Sonoma/td> | Rocky Linux 8.x-9.x* |
| Windows Server 2016 | Windows 8 | macOS 13 Ventura | Ubuntu 16.x-20.04.4 |
| Windows Server 2012 R2 | Windows 7 | macOS 12 Monterey | Fedora 27.x-31.x |
| Windows Server 2012 | Windows Vista | macOS 11 Big Sur | CentOS 7.x-8.x and CentOS Stream 9.x |
| Windows Server 2008 R2 | macOS 10.15 Catalina | ||
| Windows Server 2008 | macOS 10.14 Mojave | ||
| macOS 10.13 High Sierra | |||
| macOS 10.12 Sierra | |||
| OS X 10.11 El Capitan | |||
| OS X 10.10 Yosemite |
* Linux platform support
For ADSelfService Plus to function correctly, please ensure the following ports are open in your firewall to allow communication between the product's server and its various components.
The following ports must be opened on the ADSelfService Plus server, DNS server, DHCP server, email server, and domain controllers.
| Port | Protocol | Service/Purpose | Connection outbound from | Connection inbound to | Feature |
| Varies (SMTP port) | TCP | Email communication. This port is not mandatory and is to be enabled only if the mail server is going to be configured in ADSelfService Plus for sending notifications and verification codes. | ADSelfService Plus server | Email server | |
| 42 | TCP | Host name server protocol | ADSelfService Plus server | Domain controller | |
| 53 | TCP/UDP | DNS resolution | ADSelfService Plus server | DNS server | Domain configuration |
| 67 | UDP | Used to fetch information | ADSelfService Plus server | DHCP server | |
| 88 | TCP/UDP | Kerboros authentication. Used to fetch information on user and computer authentication. | ADSelfService Plus server | Domain controller | User authentication |
| 135 | TCP | RPC endpoint mapper | ADSelfService Plus server | Domain controller | Windows login agent installation, NTLM SSO |
| 137-139 | TCP/UDP | NetBIOS name resolution and Netlogon. | ADSelfService Plus server | Domain controller | Domain configuration |
| 389 | TCP/UDP | LDAP communication. Used to fetch information related to the directory, user and computer authentication, and Group Policy. | ADSelfService Plus server | Domain controller | LDAP communication |
| 445 | TCP/UDP | SMB in Netlogon service communication | ADSelfService Plus server | Domain controller | Windows login agent installation, NTLM SSO |
| 464 | TCP/UDP | Kerboros password changes or resets. | ADSelfService Plus server | Domain controller | Password reset and change password |
| 593 | TCP | RPC over HTTPS | ADSelfService Plus server | Domain controller | |
| 636 | TCP | Used to fetch information on Group Policy and user and computer authentication. | ADSelfService Plus server | Domain controller | |
| 2535 | TCP | DHCP | ADSelfService Plus server | Domain controller | |
| 3268 -3269 | TCP | LDAP/LDAPS Global Catalog. Used to fetch information related to the directory, user authentication, computer authentication, and Group Policy. | ADSelfService Plus server | Domain controller | |
| 49152-65535 (1025-5000 for Windows 2000 XP and Windows Server 2003) | TCP | RPC for AD communication and Microsoft SQL named instances. | ADSelfService Plus server | Domain controller | Dynamic ports for AD communication |
| 5985 | WinRM - HTTP | Used for PowerShell remoting. | ADSelfService Plus server | Domain controller | |
| 5986 | WinRM - HTTPS | Used for secure PowerShell remoting. | ADSelfService Plus server | Domain controller | |
| 7800 | TCP | Used for communication between ADSelfService Plus instances in a load-balanced setup. | ADSelfService Plus server | ADSelfService Plus server (Load Balancer) |
Open these ports only if you are using push notifications in the ADSelfService mobile app.
| Port | Protocol | Purpose | Connection outbound from | Connection inbound to |
| 443, 5223, 2197 | HTTPS | Apple push notifications | ADSelfService Plus | api.push.apple.com |
| 443, 5228, 5229, 5230, and 80 | HTTPS | Android push notifications | ADSelfService Plus | fcm.googleapis.com, oauth2.googleapis.com |
Open the following ports if an external Microsoft SQL database is used.
| Port | Protocol | Purpose | Connection outbound from | Connection inbound to |
| 1433 | TCP | To communicate with the Microsoft SQL Server default instance | ADSelfService Plus server | Microsoft SQL server |
| 1434 | UDP | To communicate with the Microsoft SQL Server browser service | ADSelfService Plus server | Microsoft SQL server |
These ports need to be open on computers that will access the ADSelfService Plus user portal or have the login agent or the password sync agent installed. The port numbers listed below are the default port numbers for HTTP and HTTPS connections. You can configure ADSelfService Plus to use different ports if needed. In that case, ensure to open the custom ports configured.
| Port | Protocol | Services | Connection Outbound From | Connection Inbound To |
| 8888 <or> (customized port) | TCP | HTTP | ADSelfService Plus web client; Windows, macOS, and Linux login agent; and password sync agent | ADSelfService Plus server |
| 9251 <or> (customized port) | TCP | HTTPS | ADSelfService Plus web client; Windows, macOS, and Linux login agent; and password sync agent | ADSelfService Plus server |
To ensure that ADSelfService Plus can receive updates, security patches, and support, it is recommended to allow the following domains and endpoints in your firewall.
| Domain | Endpoint | Purpose |
| *.zoho.in | https://creator.zoho.in |
|
| https://salesiq.zohopublic.in/ | Used for the Live Chat feature in the Support tab. | |
| *.manageengine.com | https://pitstop.manageengine.com | Displays recent forum posts and announcements in the Support tab. |
| https://updates.manageengine.com | Used to import certificates required to verify the integrity of service packs. | |
| https://www.manageengine.com/products/self-service-password/release-notes.html | Provides access to the latest product release notes. | |
| https://www.manageengine.com/products/self-service-password/help/ | Links to the official product online admin guide. | |
| *.zohocorp.com | https://uploads.zohocorp.com | Used to download patch files, if any |
| https://bonitas.zohocorp.com/ | Facilitates the upload of log files for troubleshooting by the support team. |
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.
Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.
