Disclaimer: All postings are provided "AS IS" with no warranties, and confer no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Because a weblog is intended to provide a semi-permanent point-in-time snapshot, you should not consider out of date posts to reflect current thoughts and opinions.
Just wanted to put this here as it's not been easy to find this information anywhere:
ADLDS registers a custom RPC port which is by default taken from the dynamic port range 49152-65535, this is NOT the same as the LDAP port specified for the instance. On ADAM the same thing applies but the dynamic port range there is 1025-5000.
This means that if you're upgrading from ADAM to ADLDS and are using firewalls with aggressive blocking between your ADAM instances then you'll need to update the firewall rules to allow the new dynamic port range.
Alternatively, you can also lock down each ADAM or ADLDS instance to a specific RPC port using the following registry entry:
Registry value: TCP/IP PortValue type: REG_DWORDValue data: (available port)
This is effectively the same as the setting for NTDS in KB224196 but needs to reference each ADLDS instance and use a separate port for each.The DCTcpipPort entry only applies to Netlogon on DC's and shouldn't need to be set.
The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008http://support.microsoft.com/kb/929851
Understanding ADAM bind redirectionhttp://technet.microsoft.com/en-us/library/cc758386(v=WS.10).aspx
Restricting Active Directory replication traffic and client RPC traffic to a specific porthttp://support.microsoft.com/kb/224196
Active Directory Application Mode Tools and Settingshttp://technet.microsoft.com/en-us/library/cc739021(v=WS.10).aspx
Active Directory Lightweight Directory Services (ADLDS) Monitoring Management Packhttp://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=1451
ADLDS ASKDS entries:http://blogs.technet.com/b/askds/archive/2009/04/02/one-stop-audit-shop-for-adam-and-adlds.aspx http://blogs.technet.com/b/askds/archive/2011/05/27/viewing-adlds-traffic-with-netmon-where-is-my-ldap.aspx