Intrasite replication in Windows 2000 Server is always performed with RPC over IP transport, which, by default, uses dynamic port mapping (ports between 49151 and 65535). When a domain controller initiates replication with its partner, it uses the well-known port 135 on the server to contact the endpoint mapper. The server then contacts the RPC Locator on this port to determine which port has been assigned for Active Directory (AD) replication. If you have specified a fixed port, AD will use it; if not, it will use a dynamically assigned port. Thus, the client never needs to know which port to use for replication.
Dynamic port mapping can pose a problem when your replication has to go through a firewall or some other port-filtering device. In such cases, you have to specify which traffic you want to pass through. Normally, you won't want to pass all traffic in the dynamic range -- it's better to control ports more tightly.
In these circumstances, you have to specify the fixed port for AD replication. To do so, follow these steps:
- Open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
- Double-click the TCP/IP Port entry and specify the new port number.
- Close the Registry Editor.
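The same change can be scripted so that it is repeatable and reports what it replaced. This is an added example, not part of the original tip; it assumes a domain controller on which PowerShell is available (Windows 2000 itself predates it), and the function name `Set-AdReplicationPort` and the port 50000 are constructed for illustration.

```powershell
# Added example: pin the AD replication port via the registry entry named above.
$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ValueName  = 'TCP/IP Port'

function Set-AdReplicationPort {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(1024, 65535)]   # stay out of the well-known port range
        [int]$Port
    )

    if (-not (Test-Path -Path $NtdsParams)) {
        throw "Key not found: $NtdsParams (is this machine a domain controller?)"
    }

    # The entry is absent when AD is still using a dynamically assigned port.
    $current = (Get-ItemProperty -Path $NtdsParams -Name $ValueName `
                    -ErrorAction SilentlyContinue).$ValueName

    if ($current -eq $Port) {
        # Already pinned to the requested port; nothing to write.
        return [pscustomobject]@{ Port = $Port; Previous = $current; Changed = $false }
    }

    if ($PSCmdlet.ShouldProcess("$NtdsParams\$ValueName", "Set to $Port")) {
        # -Force creates the entry or overwrites an existing one, stored as REG_DWORD.
        New-ItemProperty -Path $NtdsParams -Name $ValueName -Value $Port `
            -PropertyType DWord -Force | Out-Null
        return [pscustomobject]@{ Port = $Port; Previous = $current; Changed = $true }
    }
}

# Constructed sample port: use the one your firewall rule actually permits.
# -WhatIf previews the change without writing to the registry.
Set-AdReplicationPort -Port 50000 -WhatIf
```

Drop `-WhatIf` to apply the change, then restart the domain controller so the new port takes effect. The firewall must still pass port 135 for the endpoint mapper in addition to the fixed port.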