By default, its port 5007. It will initiate from the client/server to the PAN on the management interface. You should be able to see it connect if you go to the Device tab -> User Identification ->User-ID agent subtab. The ball should be green. Also if you have the local firewall turned on on the server, make sure you are allowing port 5007/tcp outbound.
Think the question was what port the UserID agent uses to talk to AD (not the Palo).
UserID to AD servers port usage is referenced here:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!