Active Directory on Fixed Ports

Posted by & filed under .

ad-directoryActive Directory on Fixed Ports

If you’ve landed on this page and you just want to set Active Directory on Fixed Ports, set the three registry keys listed in the following two articles:

Restricting Active Directory replication traffic and client RPC traffic to a specific port

REMEMBER: Backup your registry, and make sure you know what you’re doing (yadda yadda yadda)

1st Key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSParameters

Registry value: TCP/IP Port
Value type: REG_DWORD
Value data: (available port)

2nd Key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetlogonParameters

Registry value: DCTcpipPort
Value type: REG_DWORD
Value data: (available port)

NOTE: This second key is the the port that clients will negotiate in order to perform logons.

How to restrict FRS replication traffic to a specific static port

3rd Key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTFRSParameters

Registry Value: RPC TCP/IP Port Assignment
Value type: REG_DWORD
Value data: (available port)

Setting RPC to use a Fixed Port Range

If you’re going to set RPC Internet ports as outlined in this article, make sure you set things correctly, as inadvertantly setting UseInternetPorts to “N” can cause strange behavior on Windows 2008.

Leave a Reply

Your email address will not be published. Required fields are marked *