Our company is currently planning to deploy an RODC in our branch office. So the end result is that we will have two sites, HQ and the branch office. The communication between the RODC and the writable DC will also pass through our firewall.
We are looking to reduce the number of ports that need to be opened on the firewall, especially the RPC ports used for AD communications. We read some Microsoft articles, and they recommend restricting the following services to fixed ports on our DCs:
2) NTFRS / DRS
But a few articles also mentioned reducing the RPC port range. Hence, I would like to check with you guys whether restricting the ports for the 3 services above is enough, or whether we should reduce the RPC port range as well.
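For reference, the following is an added PowerShell example (not from the original post or from any Microsoft article) that shows both halves of what the question asks about on one DC: pinning the AD replication (NTDS/DRS), NTFRS, Netlogon and DFSR RPC listeners to fixed ports through the registry values and dfsrdiag switch Microsoft documents for this, and shrinking the dynamic RPC port range with netsh. The port numbers and the dynamic range start/count are assumptions chosen for illustration; pick values that do not collide with anything else on your hosts.

```powershell
# Added example: pin AD-related RPC services to fixed ports and shrink the
# dynamic RPC range on a domain controller. Run in an elevated session.
# The new listeners take effect only after the services (or the DC) restart.

$NtdsPort     = 38901   # assumed value: AD replication (DRS) RPC port
$NtfrsPort    = 38902   # assumed value: NTFRS (SYSVOL replication) RPC port
$NetlogonPort = 38903   # assumed value: Netlogon RPC port
$DfsrPort     = 38904   # assumed value: DFSR RPC port (only if SYSVOL uses DFSR)

# Each service reads its fixed port from a REG_DWORD under its Parameters key.
$fixedPorts = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters';     Name = 'TCP/IP Port';                Value = $NtdsPort },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters';    Name = 'RPC TCP/IP Port Assignment'; Value = $NtfrsPort },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'; Name = 'DCTcpipPort';                Value = $NetlogonPort }
)

foreach ($p in $fixedPorts) {
    if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
    New-ItemProperty -Path $p.Path -Name $p.Name -PropertyType DWord -Value $p.Value -Force | Out-Null
}

# DFSR does not take its port from the registry; it is set with dfsrdiag.
if (Get-Service -Name DFSR -ErrorAction SilentlyContinue) {
    dfsrdiag StaticRPC /port:$DfsrPort /Member:$env:COMPUTERNAME
}

# Shrink the range the RPC Endpoint Mapper hands out to every RPC service
# that is NOT pinned above. Start and count are assumed values.
netsh int ipv4 set dynamicport tcp start=50000 num=1000
netsh int ipv6 set dynamicport tcp start=50000 num=1000

# Verify: re-read the pinned ports and show the resulting dynamic range.
foreach ($p in $fixedPorts) {
    $v = (Get-ItemProperty -Path $p.Path -Name $p.Name).($p.Name)
    "{0,-10} {1,-28} = {2}" -f (Split-Path (Split-Path $p.Path -Parent) -Leaf), $p.Name, $v
}
netsh int ipv4 show dynamicport tcp
```

The two measures are complementary rather than interchangeable: pinning a service removes only that service from the dynamic range, so anything else reached through the RPC Endpoint Mapper (TCP 135) still lands somewhere in the dynamic range, which is why the netsh step exists. Whatever range you choose, the firewall rule set still has to allow TCP 135 plus the pinned ports (and the non-RPC AD protocols such as LDAP, Kerberos, DNS and SMB), and the same settings have to be applied on both the RODC and the writable DC.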