A Quick Tip To Restrict AD Replication To A Specific Port

This article explains two registry entries that can be used to restrict Active Directory replication traffic to specific ports.
Active Directory replication uses several ports. Domain controllers talk to their replication partners over LDAP (TCP 389), the RPC endpoint mapper (TCP 135), DNS (53) and others, and the replication traffic itself is carried by RPC over a dynamically assigned port from the ephemeral range. That dynamic range is what makes the firewall rule set so large: more than 10 fixed ports plus the whole ephemeral range have to be opened. Sometimes it is not possible to open that whole range in a production environment. You can pin the RPC endpoints used by the directory service (NTDS) and by Netlogon to static ports of your choosing by setting the following registry values on each domain controller. The fixed ports (135, 389, 53 and so on) still have to be open; what you save is the dynamic range, which can now be replaced in the firewall by the two static ports you pick.

Registry Entry 1

  • KEY NAME: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  • Entry Name: TCP/IP Port
  • Value: the chosen port number (REG_DWORD)

Registry Entry 2 

  • KEY NAME: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  • Entry Name: DCTcpipPort
  • Value: the chosen port number (REG_DWORD), different from the NTDS port
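The following PowerShell script is an added example, not part of the original tip, that applies both registry entries on a domain controller, reads them back, and then shows how to confirm the new endpoints after a reboot. The port numbers 38901 and 38902 are assumptions chosen for illustration; pick any unused ports below the dynamic range (Windows Server 2008 and later allocate dynamic RPC ports from 49152 upward) and use the same values in your firewall rules.

```powershell
# Added example: pin the NTDS and Netlogon RPC endpoints to static ports.
# Run in an elevated PowerShell session on each domain controller.
# The two port numbers are assumptions for illustration, not values from the article.
param(
    [int]$NtdsPort     = 38901,
    [int]$NetlogonPort = 38902
)

# Refuse ports in the well-known range (<1024) or in the dynamic range
# (>=49152 on Windows Server 2008+), where another process could grab them first.
foreach ($p in @($NtdsPort, $NetlogonPort)) {
    if ($p -lt 1024 -or $p -ge 49152) {
        throw "Port $p is inside the well-known or dynamic range; choose 1024-49151."
    }
}
if ($NtdsPort -eq $NetlogonPort) {
    throw "NTDS and Netlogon must listen on different ports."
}

$entries = @(
    @{ Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Name  = 'TCP/IP Port'
       Value = $NtdsPort },
    @{ Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
       Name  = 'DCTcpipPort'
       Value = $NetlogonPort }
)

foreach ($e in $entries) {
    # The value must be REG_DWORD; a REG_SZ holding the same digits is ignored.
    New-ItemProperty -Path $e.Path -Name $e.Name -Value $e.Value `
                     -PropertyType DWord -Force | Out-Null

    # Read the value back so the change is confirmed before anything is restarted.
    $readback = (Get-ItemProperty -Path $e.Path -Name $e.Name).($e.Name)
    if ($readback -ne $e.Value) {
        throw "Write to $($e.Path)\$($e.Name) did not stick (read back $readback)."
    }
    "{0}\{1} = {2}" -f $e.Path, $e.Name, $readback
}

Write-Host "Registry updated. Reboot the domain controller so NTDS binds to port $NtdsPort."
Write-Host "After the reboot, verify the listeners with:"
Write-Host "  Get-NetTCPConnection -State Listen -LocalPort $NtdsPort,$NetlogonPort |"
Write-Host "      Select-Object LocalAddress, LocalPort, OwningProcess"
Write-Host "  portqry -n localhost -e 135    # endpoint mapper should list ncacn_ip_tcp:...[$NtdsPort]"
```

The NTDS value is only read when the directory service starts, so a reboot of the domain controller is required; the Netlogon value takes effect after the Netlogon service is restarted. The verification lines at the end matter: `Get-NetTCPConnection` shows whether lsass.exe (which hosts NTDS) is actually listening on the chosen port, and querying the endpoint mapper on TCP 135 with PortQry shows the `ncacn_ip_tcp` endpoint that replication partners will be told to use. Do not tighten the firewall until both checks show the new ports, and remember that TCP 135 itself must stay open, because partners still contact the endpoint mapper first to learn the static port.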

About Nirmal Sharma

Nirmal is a Microsoft MVP in Directory Services and works as a Technical Architect/Consultant. He has been involved in Microsoft technologies since 1994 and has followed the progression of Microsoft operating systems and software. He specializes in Directory Services, Microsoft Clustering, SQL, MOM, Exchange and Citrix. In his spare time, he likes to help others and write "internal" technical articles, white papers and tips on various Microsoft technologies. You can contact him at nirmal_sharma@mvps.org.
