If you’ve landed on this page and you just want to set Active Directory on Fixed Ports, set the three registry keys listed in the following two articles:
Restricting Active Directory replication traffic and client RPC traffic to a specific port
REMEMBER: Back up your registry, and make sure you know what you’re doing (yadda yadda yadda)
1st Key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Registry value: TCP/IP Port
Value type: REG_DWORD
Value data: (available port)
Registry value: DCTcpipPort
Value type: REG_DWORD
Value data: (available port)
NOTE: This second key is the port that clients will negotiate in order to perform logons.
How to restrict FRS replication traffic to a specific static port
3rd Key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters
Registry Value: RPC TCP/IP Port Assignment
Value type: REG_DWORD
Value data: (available port)
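To confirm a domain controller actually carries the three values above, a read-only audit like the following can be run on it. This is an added example, not code from the original post or from the linked articles. It assumes `DCTcpipPort` lives under `Netlogon\Parameters` (that path is not shown on this page) and that `Get-NetTCPConnection` is available on the server.

```powershell
# Added example: read-only audit of the fixed-port values named on this page.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$expected = @(
    @{ Service = 'NTDS';     Key = "$base\NTDS\Parameters";     Value = 'TCP/IP Port' }
    # Assumption: the key path for DCTcpipPort is not given on the page
    @{ Service = 'Netlogon'; Key = "$base\Netlogon\Parameters"; Value = 'DCTcpipPort' }
    @{ Service = 'NTFRS';    Key = "$base\NTFRS\Parameters";    Value = 'RPC TCP/IP Port Assignment' }
)

$results = foreach ($e in $expected) {
    $status = 'OK'; $port = $null; $listening = $false
    # Use the .NET key object so value names containing "/" are read literally
    $key = Get-Item -LiteralPath $e.Key -ErrorAction SilentlyContinue
    if (-not $key) {
        $status = 'Key missing'
    } elseif ($key.GetValueNames() -notcontains $e.Value) {
        $status = 'Value not set'
    } elseif ($key.GetValueKind($e.Value) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $status = 'Wrong type (expected REG_DWORD)'
    } else {
        $port = [int]$key.GetValue($e.Value)
        if ($port -lt 1 -or $port -gt 65535) {
            $status = 'Port out of range'
        } else {
            # Is anything on this host listening on the configured port?
            $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
            if (-not $listening) { $status = 'Set, but no listener on that port' }
        }
    }
    [pscustomobject]@{
        Service = $e.Service; Value = $e.Value; Port = $port
        Listening = $listening; Status = $status
    }
}

# Flag a port that has been assigned to more than one of the three services
$results | Where-Object Port | Group-Object Port | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning ("Port {0} is assigned to more than one service: {1}" -f $_.Name, ($_.Group.Service -join ', '))
}
$results | Format-Table -AutoSize
```

The script only reads the registry and the local listener table; it changes nothing. Comparing its output against the firewall rules for the same ports shows whether the rules and the DC configuration still agree.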
Setting RPC to use a Fixed Port Range
If you’re going to set RPC Internet ports as outlined in this article, make sure you set things correctly, as inadvertently setting UseInternetPorts to “N” can cause strange behavior on Windows 2008.