A Quick Tip To Strict AD Replication To A Specific Port

by [Published on 22 Oct. 2009 / Last Updated on 22 Oct. 2009]

This article explains a registry entry which can be used to strict the AD Replication traffic to a specific port.

Active Directory Replication works on many ports. Domain Controllers replicate with its partners using TCP 389, RPC 135, DNS 53 etc. There are more than 10 ports need to be opened in the firewall. Sometimes, it is not possible to open all the port range in the production environment. You can allow Active Directory Replication to work on one port only by modiyfing the following registry on each domain controller:

Registry Entry 1

  • KEY NAME: HEKY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  • Entry Name: TCP/IP Port
  • Value: Port No...

Registry Entry 2 

  • KEY NAME: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  • Entry Name: DCTcpipPort
  • Value: Port No...

See Also

The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP, and was awarded Microsoft MVP in Directory Services. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles for various online communities. Nirmal can also be found contributing to PowerShell based Dynamic Packs for ADHealthProf.ITDynamicPacks.Net solutions.

Featured Links