File Replication Service and Active Directory Replication require that you open more than 10 TCP and UDP ports in Firewall. File Replication Service works on Dynamic RPC port to replicate the SYSVOL contents. Sometimes, it is not possible to open this port range in a production environment. You can strict the FRS Replication to work on a specific port. You enable this functionality by setting the below mentioned registry entries on all the domain controllers where SYSVOL folder is hosted:
- KEY NAME: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters
- Entry Name: RPC TCP/IP Port Assignment
- Type: REG_DWORD
- Value: Port No...(for example: 4999)
With above configuration, you only need to open the Port No: 4999 to allow FRS to replicate the contents of SYSVOL to all the domain controllers. This minimizes the security risk in the production environment.