Assigning a static RPC port to ADLDS or ADAM for replication

Just wanted to put this here as it's not been easy to find this information anywhere:

ADLDS registers a custom RPC port for replication which is by default taken from the dynamic port range 49152-65535; this is NOT the same as the LDAP port specified for the instance. On ADAM the same thing applies, but the dynamic port range there is 1025-5000.

This means that if you're upgrading from ADAM to ADLDS and are using firewalls with aggressive blocking between your ADAM instances, you'll need to update the firewall rules to allow the new dynamic port range.

Alternatively, you can lock down each ADAM or ADLDS instance to a specific RPC port using the following registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<ADLDS or ADAM instance>\Parameters

Registry value: TCP/IP Port
Value type: REG_DWORD
Value data: (available port)

This is effectively the same as the setting for NTDS in KB224196, but it needs to be set under each ADLDS instance's service key, with a separate port for each instance.
The DCTcpipPort entry only applies to Netlogon on DCs and shouldn't need to be set.
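As an added example (not from the original post), here is a PowerShell script that applies the registry value above to each ADLDS instance, opens only that port on the host firewall, and verifies after a restart that the instance is actually listening on it rather than on a dynamic port. It assumes the instance services are named ADAM_<InstanceName> and that the port numbers in $PortMap are constructed samples; run it elevated on the ADLDS server.

```powershell
# Added example, not from the original post. Assumes ADLDS instance services are
# named ADAM_<InstanceName>; the port numbers below are constructed sample values.
$PortMap = @{
    'ADAM_Instance1' = 50001   # one distinct static port per instance
    'ADAM_Instance2' = 50002
}

# Refuse duplicate ports: two instances sharing one RPC port would fail to bind.
if (($PortMap.Values | Sort-Object -Unique).Count -ne $PortMap.Count) {
    throw 'Each ADLDS instance must be assigned its own port.'
}

foreach ($svc in $PortMap.Keys) {
    $port = $PortMap[$svc]
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
    if (-not (Test-Path $key)) { throw "Parameters key for $svc not found; is the instance installed?" }

    # Same value as the NTDS setting in KB224196, but under the instance's own service key.
    Set-ItemProperty -Path $key -Name 'TCP/IP Port' -Value $port -Type DWord

    # Allow only the pinned port inbound instead of the whole dynamic range.
    New-NetFirewallRule -DisplayName "ADLDS replication RPC ($svc)" -Direction Inbound `
        -Protocol TCP -LocalPort $port -Action Allow | Out-Null

    # The new port is only registered when the instance starts.
    Restart-Service -Name $svc -Force
}

# Verify: each instance process must listen on its static port, and should not
# still be holding a port from the default dynamic range (49152-65535).
foreach ($svc in $PortMap.Keys) {
    $port   = $PortMap[$svc]
    $procId = (Get-CimInstance Win32_Service -Filter "Name='$svc'").ProcessId
    $ports  = Get-NetTCPConnection -State Listen -OwningProcess $procId |
              Select-Object -ExpandProperty LocalPort -Unique
    if ($ports -contains $port) {
        Write-Host "$svc is listening on static RPC port $port"
    } else {
        Write-Warning "$svc is NOT listening on $port (found: $($ports -join ', '))"
    }
    $dynamic = $ports | Where-Object { $_ -ge 49152 -and $_ -le 65535 -and $_ -ne $port }
    if ($dynamic) { Write-Warning "$svc still listens on dynamic port(s): $($dynamic -join ', ')" }
}
```

The listed ports will also include the instance's LDAP/LDAPS ports, which are unrelated to the RPC setting; only the pinned port and any leftover dynamic-range port matter for the firewall rules.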


The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008

Understanding ADAM bind redirection

Restricting Active Directory replication traffic and client RPC traffic to a specific port

Active Directory Application Mode Tools and Settings

Active Directory Lightweight Directory Services (ADLDS) Monitoring Management Pack
