The Local Zoo - Microsoft Windows Tips and Tricks

Restricting Active Directory traffic to a single port

Part of my job includes looking after a well spread Active Directory infrastructure. Some of the domain controllers in the forest are on different networks, protected by firewalls. Active directory normally uses port 135 and then a random higher port, to communicate for replication. Rather than opening all the TCP ports above 1024 in your firewall, you can follow these instructions and restrict the behaviour to one pre-defined port.