All, I am building out a new green field AD forest. As part of our previous forest config, we restricted replication between Domain Controllers to a single port outside of the ephemeral range. See https://support.microsoft.com/en-us/kb/179442. I recall reading some years ago that clients needed access to the replication port to be able to process group policy correctly. So we opened that port up to our clients. Now that I am green fielding a new forest, I am questioning everything that we did and trying to fully document it.
I just can’t remember the reason why we had to allow that port to our clients, and I have since lost the URL of the article I got the information from. I am hoping that someone knows the answer to this and can point me to the article or explain the reason behind it. Does anyone know the answer? If I can find the answer I will post it as a follow-up.

Brian Britt
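A check that belongs in the documentation the post is asking for: confirm which static port the NTDS service is pinned to on a domain controller, that lsass.exe is actually listening on it, and whether a client can reach it (plus the RPC endpoint mapper on 135) through the firewall. This is an added example, not the poster's own script; the DC name is a placeholder, it assumes PowerShell remoting rights on the DC, and the registry location is Microsoft's documented setting for a fixed AD replication RPC port (REG_DWORD "TCP/IP Port" under the NTDS Parameters key, KB 224196). It verifies reachability only; it does not by itself answer why clients need the port.

```powershell
# Added example (not from the original post). Assumes a domain-joined client
# with rights to run PowerShell remoting against the DC.
param(
    [string]$DomainController = 'DC01.corp.example'   # placeholder, replace with a real DC
)

# Read the static NTDS RPC port configured on the DC. Value name and location
# are Microsoft's documented setting for pinning AD replication RPC to one port.
$ntdsPort = Invoke-Command -ComputerName $DomainController -ScriptBlock {
    $p = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
                          -Name 'TCP/IP Port' -ErrorAction SilentlyContinue
    if ($p) { [int]$p.'TCP/IP Port' } else { $null }
}

if (-not $ntdsPort) {
    Write-Warning "$DomainController has no static NTDS port set; RPC uses the dynamic range."
    return
}
Write-Host "Static NTDS RPC port on ${DomainController}: $ntdsPort"

# Confirm the DC really listens on that port and which process owns it
# (NTDS runs inside lsass.exe, so that is the expected owner).
Invoke-Command -ComputerName $DomainController -ScriptBlock {
    param($port)
    Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort,
            @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }
} -ArgumentList $ntdsPort

# From the client side: can we reach the endpoint mapper (135), which RPC
# clients query first, and the static port itself, through the firewall?
foreach ($port in 135, $ntdsPort) {
    $r = Test-NetConnection -ComputerName $DomainController -Port $port -WarningAction SilentlyContinue
    '{0}:{1} reachable = {2}' -f $DomainController, $port, $r.TcpTestSucceeded
}
```

Run it from a representative client in each network zone; a `False` on the static port with `True` on 135 is the firewall rule gap this post is about documenting, and recording both results per zone gives the forest build-out the evidence the rule is there on purpose.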