How can I restrict Active Directory (AD) replication traffic to a specific port?
By default, AD replication via remote procedure calls (RPCs) takes place
dynamically over an available port via the RPC Endpoint Mapper using port 135
(the same as Microsoft Exchange). An administrator may override this
functionality and specify the port that all replication traffic passes through,
thereby locking down the port.
To set a specific port, perform the following steps:
- Start a registry editor (e.g., regedit.exe).
- Go to
- From the edit menu, select New, DWORD Value.
- Enter a name of TCP/IP Port, and press Enter.
- Double-click TCP/IP Port, set the value to the desired port, then click
- Close the registry editor.
- Reboot the domain controller.
Because some routers filter packets, administrators should confirm that they
don't filter out any intermediate network devices or software that filters
packets between domain controllers.
Windows Privacy Tools - http//www.privacywindows.com