Version for print

How can I restrict Active Directory (AD) replication traffic to a specific port?

By default, AD replication via remote procedure calls (RPCs) takes place dynamically over an available port via the RPC Endpoint Mapper using port 135 (the same as Microsoft Exchange). An administrator may override this functionality and specify the port that all replication traffic passes through, thereby locking down the port.

To set a specific port, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
  3. From the edit menu, select New, DWORD Value.
  4. Enter a name of TCP/IP Port, and press Enter.
  5. Double-click TCP/IP Port, set the value to the desired port, then click OK.
  6. Close the registry editor.
  7. Reboot the domain controller.

Because some routers filter packets, administrators should confirm that they don't filter out any intermediate network devices or software that filters packets between domain controllers.

1st Security Center

Internet Security Tweak Pro

Security Officer

Internet Explorer Security

Dark Files

Security Department

1st Security Center

Internet Security Tweak Pro

Security Officer for Windows

Internet Explorer Security

Dark Files

Security Department

Security FAQ

Windows Privacy Tools - http//www.privacywindows.com

Security Officer | Internet Explorer Security | Dark Files | Security Department | Magic Basket
Products | Technical Support | Free Downloads