let's take this scenario:
- the domain controller is in the trusted network
- a domain member is in the DMZ, for example a Remote Desktop farm whose users are authenticated through the domain

-> you need to open a lot of ports between the two to get things running

-> see also the Microsoft document: Service overview and network port requirements for Windows

my sample firewall rule looks like this:

rds / windows server (DMZ) -> domain controller (trusted)

port         proto  service
53           udp    dns
88           tcp    kerberos
123          udp    ntp
135          tcp    rpc endpoint mapper (location services)
389          tcp    ldap (plain)
445          tcp    smb
636          tcp    ldap secure (ldaps)
3268         tcp    ldap global catalog
3269         tcp    ldap secure global catalog (ldaps gc)
49152-65535  tcp    dynamic rpc port range
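To check that the rule set above actually lets the DMZ host reach the DC, here is an added PowerShell script (my own example, not part of the original post or of the Microsoft document) meant to be run on the RDS server. The DC name and domain name are placeholders you need to replace. Test-NetConnection only probes TCP, so the two UDP services are checked by asking the DC to answer a DNS query and a time query instead.

```powershell
# Added example: verify the firewall rule from the DMZ domain member toward the DC.
# Assumptions: $Dc and the domain name below are placeholders, replace them with your own.
$Dc     = 'dc01.example.local'
$Domain = 'example.local'

# TCP ports from the rule above. The 49152-65535 dynamic RPC range is left out on
# purpose: it cannot be probed one port at a time in a meaningful way (see note below).
$TcpPorts = [ordered]@{
    88   = 'kerberos'
    135  = 'rpc endpoint mapper'
    389  = 'ldap'
    445  = 'smb'
    636  = 'ldaps'
    3268 = 'ldap global catalog'
    3269 = 'ldaps global catalog'
}

# One TCP connect per port; TcpTestSucceeded is $false when the firewall drops it
$results = foreach ($port in $TcpPorts.Keys) {
    $t = Test-NetConnection -ComputerName $Dc -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port    = $port
        Service = $TcpPorts[$port]
        Open    = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# UDP 53 (dns): make the DC resolve the DC locator SRV record; a failure here means
# either the port is blocked or the host is not pointed at the DC for DNS
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Dc

# UDP 123 (ntp): query the DC once as a time source; a sample line back proves the port is open
w32tm /stripchart /computer:$Dc /samples:1 /dataonly
```

About the dynamic range: services such as Netlogon and directory replication pick their listening port through the endpoint mapper on 135, which is why the whole 49152-65535 range shows up in the rule. Windows lets you pin those RPC services to fixed ports in the registry on the DC, and for a DMZ host that is worth doing so the rule can be narrowed to a couple of ports instead of the full range. Also keep in mind that Kerberos uses UDP 88 as well as TCP, password changes go over port 464, and the DC locator uses UDP 389 (CLDAP); if logons work but feel slow or password changes fail from the DMZ, those are the first ones to check.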

