Hello all,

Environment - Mixed mode Windows 2000 and 2003 domain controllers.  One
empty root and 8 child domains.   Most domains have 3-5 DCs for redundancy
and DR.  One domain has 25 DCs for their branch offices, but they are not
behind any firewalls.  Two of the domains are behind separate internal
firewalls.  

We currently have the communication going through the firewall via IPSec,
but one of the domains wants the traffic to be "visible" for auditing
purposes.  

Questions - 

Regarding ports required for AD replication over a firewall (using the MS
white paper as a reference), would limiting RPC to one port make us
susceptible to saturation?  There is some client communication to worry
about, from a few clusters. Is there a way to make this entry a range versus
just one port?
 
Would we have to make this registry modification on all DCs that are not
behind a firewall or just the ones that we would like to limit?  Scenario:
Rootdc is on the Corporate side of the firewall with most of the DCs.
ChildDC1 is also on the Corporate side of the firewall.  ChildDC2 is behind
a divisional firewall.  We make the limited RPC registry entry on Rootdc and
ChildDC2, but do we have to make it on ChildDC1 as well? 

Another Q article, 154596, mentions RPC dynamic port allocation as well, but
I noticed it was a different registry key than the DC-DC communication.  Would
creating a range this way solve the one-port listing from above?
 

Thank you for your assistance,
Charles
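As an added illustration (not part of Charles's message, the MS white paper or the Q article), the following PowerShell script audits and sets the two registry locations the questions are about: the NTDS parameters value that pins DC-to-DC replication to a single fixed port, and the Rpc\Internet key that lets a range be assigned to every other RPC server on the host. The key paths and value names are Microsoft's standard ones as I know them, not quoted from the post; the port numbers are placeholders to be agreed with the firewall team, and PowerShell is assumed to be available on the DC (the Windows 2000/2003 DCs described predate it).

```powershell
# Added example, not from the original post. Run elevated on the DC being checked.
$NtdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'  # DC-to-DC replication endpoint
$RpcKey  = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'                      # dynamic-port range for all RPC servers

function Get-RpcPortPolicy {
    # Report what this DC currently does, so each DC in scope can be compared against the firewall rules.
    $ntds = Get-ItemProperty -Path $NtdsKey -Name 'TCP/IP Port' -ErrorAction SilentlyContinue
    $rpc  = Get-ItemProperty -Path $RpcKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        NtdsFixedPort       = if ($ntds) { $ntds.'TCP/IP Port' } else { 'dynamic (default)' }
        RpcPortRange        = if ($rpc -and $rpc.Ports) { $rpc.Ports -join ',' } else { 'dynamic (default)' }
        RpcRangeIsAllowList = if ($rpc) { $rpc.PortsInternetAvailable -eq 'Y' } else { $false }
        RpcRangeEnforced    = if ($rpc) { $rpc.UseInternetPorts -eq 'Y' } else { $false }
    }
}

function Set-RpcPortPolicy {
    param(
        # Single fixed port for AD replication: the NTDS value is a REG_DWORD, so it cannot hold a range.
        [Parameter(Mandatory)][ValidateRange(1025, 65535)][int]$NtdsPort,
        # Range(s) for every other RPC server on this host, e.g. '50000-50100'; REG_MULTI_SZ accepts ranges.
        [Parameter(Mandatory)][string[]]$RpcPortRange
    )
    if (-not (Test-Path $RpcKey)) { New-Item -Path $RpcKey | Out-Null }
    Set-ItemProperty -Path $NtdsKey -Name 'TCP/IP Port' -Type DWord -Value $NtdsPort
    Set-ItemProperty -Path $RpcKey -Name 'Ports' -Type MultiString -Value $RpcPortRange
    # 'Y' = the listed ports are the ones made available ('N' would exclude them instead).
    Set-ItemProperty -Path $RpcKey -Name 'PortsInternetAvailable' -Type String -Value 'Y'
    # 'Y' = RPC servers asking for a dynamic endpoint are handed ports from the list above.
    Set-ItemProperty -Path $RpcKey -Name 'UseInternetPorts' -Type String -Value 'Y'
    # Both settings are read at service start, so the DC must be restarted before they apply.
}

# Audit only; uncomment the next line with agreed values to apply the policy on this DC.
# Set-RpcPortPolicy -NtdsPort 49152 -RpcPortRange '50000-50100'   # placeholder ports
Get-RpcPortPolicy | Format-List
```

The NTDS value only changes the port the DC it is set on listens on, so it has to be present on every DC that must accept replication through the firewall, while setting it on a DC whose traffic never crosses the firewall is harmless but changes nothing for the firewall rules. The Rpc\Internet range, by contrast, governs every RPC server on that host (including NTDS when it is not pinned), so size it for the cluster and client RPC traffic mentioned above, not just replication.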
