The Real Replication Traffic


So I was doing some tests at one of my favorite customers in the world 😉 and they allowed me to share the information from a test of the replication of a domain controller on a different site in a single-forest, single-domain infrastructure. The key here is that we have preloaded 120 000 users, and the replication you will see in this post deals with these 120 000 users (amongst other things) being replicated during a DCPROMO.

Network Ports Used by Active Directory Replication

RPC replication uses dynamic port mapping by default. When a client needs to connect to an RPC endpoint during Active Directory replication, RPC uses TCP port 135: RPC on the client contacts the RPC endpoint mapper on the server at this well-known port, and RPC randomly allocates high TCP ports from port 1024 to 65536. Because of this configuration, a client never needs to know in advance which port to use for Active Directory replication; the process is seamless. There are also other ports assigned for Active Directory replication. They are as follows:
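The endpoint mapper behaviour described above means a firewall or sniffer cannot recognise dynamic RPC traffic by port number alone. The following is an added example, not part of the original post: it labels a flow as dynamic RPC only when the same client contacted port 135 on the same server shortly before. The flow records, the documentation-range addresses and the 60-second window are constructed assumptions.

```python
from collections import defaultdict

EPM_PORT = 135   # RPC endpoint mapper port named in the text
DYN_LOW = 1024   # bottom of the dynamic range named in the text
WINDOW = 60.0    # assumption: seconds a mapper lookup counts as recent

# Constructed sample flows: (time_s, client, server, server_port, bytes)
SAMPLE_FLOWS = [
    (0.0, "192.0.2.10", "192.0.2.20", 135, 1_200),
    (0.4, "192.0.2.10", "192.0.2.20", 49155, 48_000_000),
    (5.0, "192.0.2.10", "192.0.2.20", 389, 90_000),    # below the dynamic range
    (9.0, "192.0.2.30", "192.0.2.20", 49155, 7_000),   # no port-135 lookup first
    (200.0, "192.0.2.10", "192.0.2.20", 49200, 3_000), # lookup is too old
]

def classify(flows, window=WINDOW):
    """Label each flow 'epm', 'rpc-dynamic' or 'other'."""
    last_lookup = {}  # (client, server) -> time of last port-135 contact
    labelled = []
    for ts, client, server, port, size in sorted(flows):
        pair = (client, server)
        if port == EPM_PORT:
            last_lookup[pair] = ts
            label = "epm"
        elif (port >= DYN_LOW
              and ts - last_lookup.get(pair, float("-inf")) <= window):
            # High port reached right after an endpoint mapper lookup
            label = "rpc-dynamic"
        else:
            label = "other"
        labelled.append((label, client, server, port, size))
    return labelled

def bytes_by_label(labelled):
    """Sum the byte counts per label, like a protocol distribution view."""
    totals = defaultdict(int)
    for label, *_rest, size in labelled:
        totals[label] += size
    return dict(totals)

if __name__ == "__main__":
    totals = bytes_by_label(classify(SAMPLE_FLOWS))
    for label, total in sorted(totals.items()):
        print(f"{label:12} {total:>12,} bytes")
```

Flows that land in `other` on a high port without a preceding lookup are the ones worth a second look when reviewing what a replication link actually carries.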


The table below states the variables we used to set the sniffer and QoS on the routers while conducting the test:




Sniffer Protocol IP Distribution View

The statistics below reflect the breakdown of the IP packets used.


And then finally (I have tried to keep the post short), this is what goes on on your wires when you do a DCPROMO of a new domain controller for a different site that has (amongst other things) 120 000 users with the basic (12 attributes) populated. The first image (WARNING: very large format) is a graphical representation of the traffic flow; the next image is a tabular representation of the traffic flow. IP addresses and server names have been removed to protect the innocent.


Tabular format: