A Quick Tip To Restrict FRS Replication To A Specific Port

by [Published on 22 Oct. 2009 / Last Updated on 30 April 2009]

This article explains a registry hack that can be used to restrict FRS replication to a specific port.

File Replication Service and Active Directory replication require that you open more than 10 TCP and UDP ports in the firewall. File Replication Service uses a dynamic RPC port to replicate the SYSVOL contents. Sometimes it is not possible to open this port range in a production environment. You can restrict FRS replication to a specific port by setting the following registry entry on all the domain controllers where the SYSVOL folder is hosted:

  • KEY NAME: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters
  • Entry Name: RPC TCP/IP Port Assignment
  • Type: REG_DWORD
  • Value: port number (for example: 4999)

With the above configuration, you only need to open port 4999 to allow FRS to replicate the contents of SYSVOL to all the domain controllers. This minimizes the security risk in the production environment.
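
Because the entry has to be identical on every domain controller that hosts SYSVOL, the following added example (not part of the original article) audits a list of domain controllers for the value and writes it where needed. The function names and the host names `DC01`/`DC02` are constructed for illustration, and the script assumes PowerShell 3.0 or later with remoting enabled on the domain controllers.

```powershell
# Added example, not from the article. Assumes PowerShell 3.0+ with remoting enabled.
$FrsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters'
$FrsValue = 'RPC TCP/IP Port Assignment'

function Test-FrsStaticPort {
    # Reports, per domain controller, whether the entry is present and matches.
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [ValidateRange(1, 65535)][int]$DesiredPort = 4999
    )
    $read = {
        param($Key, $Name)
        $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { [int]$item.$Name }   # nothing returned when the entry is absent
    }
    foreach ($dc in $ComputerName) {
        try {
            $port = Invoke-Command -ComputerName $dc -ScriptBlock $read `
                        -ArgumentList $FrsKey, $FrsValue -ErrorAction Stop
            # NotSet means the DC is still using a dynamic RPC port for FRS.
            $state = if ($null -eq $port) { 'NotSet' } elseif ($port -eq $DesiredPort) { 'OK' } else { 'Mismatch' }
        } catch {
            $port = $null; $state = 'Unreachable'
        }
        [pscustomobject]@{ ComputerName = $dc; Port = $port; State = $state }
    }
}

function Set-FrsStaticPort {
    # Writes the REG_DWORD entry on each listed domain controller.
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [ValidateRange(1, 65535)][int]$Port = 4999
    )
    Invoke-Command -ComputerName $ComputerName -ArgumentList $FrsKey, $FrsValue, $Port -ScriptBlock {
        param($Key, $Name, $Value)
        New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    }
}

# Constructed host names; change only the DCs that are not already compliant.
# $dcs = 'DC01', 'DC02'
# $bad = Test-FrsStaticPort -ComputerName $dcs | Where-Object { $_.State -in 'NotSet', 'Mismatch' }
# if ($bad) { Set-FrsStaticPort -ComputerName $bad.ComputerName }
```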


The Author — Nirmal Sharma


Nirmal Sharma is an MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.
