Skip navigation
Menu
End-User Platforms>Active Directory

How can I restrict Active Directory (AD) replication traffic to a specific port?

A. By default, AD replication via remote procedure calls (RPCs) takes place dynamically over an available port via the RPC Endpoint Mapper using port 135 (the same as Microsoft Exchange). An administrator may override this functionality and specify the port that all replication traffic passes through, thereby locking down the port.

To set a specific port, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
  3. From the edit menu, select New, DWORD Value.
  4. Enter a name of TCP/IP Port, and press Enter.
  5. Double-click TCP/IP Port, set the value to the desired port, then click OK.
  6. Close the registry editor.
  7. Reboot the domain controller.

Because some routers filter packets, administrators should confirm that they don't filter out any intermediate network devices or software that filters packets between domain controllers.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
computer password entry box overlaying a keyboard
How To Use PowerShell for Active Directory Password Help
Mar 18, 2024
Microsoft CEO Satya Nadella on stage at Microsoft Ignite 2023
Top 10 Stories About Microsoft in 2023
Dec 22, 2023
A keyboard key shows a cloud icon and says the word 'connect'
How to Access Azure AD in PowerShell
May 09, 2023
arrows on a blue background
How To Import the PowerShell Active Directory Module
May 02, 2023