Admin Tips
- Windows Server 2008/2003/2000/XP/NT Administrator Knowledge Base
  - Windows 2000
    - Registry Tips
      - Active Directory
        A Quick Tip To Strict FRS Replication To A Specific Port

Section(s): Active Directory , Active Directory , Active Directory
Published on Oct 22, 2009.
Last Modified on Apr 30, 2009.
Last Modified by Nirmal Sharma.
Rating: Not Rated

This article explains a registry heck which can be used to strict FRS Replication to a specific port.

File Replication Service and Active Directory Replication require that you open more than 10 TCP and UDP ports in Firewall. File Replication Service works on Dynamic RPC port to replicate the SYSVOL contents. Sometimes, it is not possible to open this port range in a production environment. You can strict the FRS Replication to work on a specific port. You enable this functionality by setting the below mentioned registry entries on all the domain controllers where SYSVOL folder is hosted:

KEY NAME: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters
Entry Name: RPC TCP/IP Port Assignment
Type: REG_DWORD
Value: Port No...(for example: 4999)

With above configuration, you only need to open the Port No: 4999 to allow FRS to replicate the contents of SYSVOL to all the domain controllers. This minimizes the security risk in the production environment.

About Nirmal Sharma

Nirmal is a Microsoft MVP in Directory Services and working as a Technical Architect/Consultant. He has been involved in Microsoft Technologies since 1994 and followed the progression of Microsoft Operating Systems and software. He is specialized in Directory Services, Microsoft Clustering, SQL, MOM, Exchange and Citrix. In his spare time, he likes to help others and write "internal" technical articles, white papers and tips on various Microsoft technologies. You can contact him at nirmal_sharma@mvps.org.