Intrasite replication in Windows 2000 Server is always performed with RPC over IP transport, which, by default, uses dynamic port mapping (ports between 49151 and 65535). When a domain controller initiates replication with its partner, it uses the well-known port 135 on the server to contact the endpoint mapper. The server then contacts the RPC Locator on this port to determine which port has been assigned for Active Directory (AD) replication. If you have specified a fixed port, AD will use it; if not, it will use a dynamically assigned port. Thus, the client never needs to know which port to use for replication.
Dynamic port mapping can pose a problem when your replication has to go through a firewall or some other port-filtering device. In such cases, you have to specify which traffic you want to pass through. Normally, you won’t want to pass all traffic in the dynamic range; it’s better to control ports more tightly.
In these circumstances, you have to specify the fixed port for AD replication. To do so, follow these steps:
- Open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
- Double-click the TCP/IP Port entry and specify the new port number.
- Close the Registry Editor.
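
The registry change from the steps above, scripted in PowerShell as an added example (not part of the original article). It assumes a domain controller running a Windows Server release that includes PowerShell; the function name `Set-NtdsReplicationPort`, the accepted range of 1024 to 65535 and the sample port 50000 are assumptions made for illustration.

```powershell
# Added example: write the fixed AD replication port to the NTDS Parameters key.
function Set-NtdsReplicationPort {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Fixed TCP port the firewall will allow between domain controllers.
        # The 1024-65535 bound is an assumption that keeps clear of well-known ports.
        [Parameter(Mandatory = $true)]
        [ValidateRange(1024, 65535)]
        [int]$Port
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $name = 'TCP/IP Port'

    # The NTDS key exists only on a domain controller; stop rather than create it.
    if (-not (Test-Path -Path $key)) {
        throw "Registry key not found: $key (is this a domain controller?)"
    }

    # Record the previous value (null when the entry does not exist yet)
    # so the change can be reverted.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $old  = if ($item) { $item.$name } else { $null }

    if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD value to $Port")) {
        # -Force creates the entry or overwrites it; the value type is REG_DWORD.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $Port -Force | Out-Null
    }

    # Read the value back so the caller sees what is actually stored.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $now  = if ($item) { $item.$name } else { $null }

    [pscustomobject]@{
        PreviousPort = $old
        CurrentPort  = $now
        Changed      = ($old -ne $now)
    }
}

# Dry run with a constructed sample port; remove -WhatIf to apply the change.
# Set-NtdsReplicationPort -Port 50000 -WhatIf
```

The domain controller must be restarted before it uses the new port, and the firewall rule between replication partners then needs only port 135 and the fixed port.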