How can I restrict Active Directory (AD) replication traffic to a specific port?

By default, AD replication via remote procedure calls (RPCs) takes place dynamically over an available port via the RPC Endpoint Mapper using port 135 (the same as Microsoft Exchange). An administrator may override this functionality and specify the port that all replication traffic passes through, thereby locking down the port.

To set a specific port, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
  3. From the edit menu, select New, DWORD Value.
  4. Enter a name of TCP/IP Port, and press Enter.
  5. Double-click TCP/IP Port, set the value to the desired port, then click OK.
  6. Close the registry editor.
  7. Reboot the domain controller.

Because some routers filter packets, administrators should confirm that they don't filter out any intermediate network devices or software that filters packets between domain controllers.

1st Security Agent

Mail Bomber

Security Administrator

PC Lockup

Access Lock

Access Administrator Pro

ABC Security Protector

1st Security Agent

Mail Bomber

Security Administrator for Windows

PC Lockup

Access Lock

Access Administrator

ABC Security Protector

http//www.softheap.com