I have several clients who have multiple sites, as well as multiple Active Directory (AD) forests. Because security is so important, they want to lock things down as best they can, but they also need to open the ports that the domain trusts need in order to work. The ports required for this are:
| Port Number | Protocol | Traffic Type |
|---|---|---|
| 53 | TCP/UDP | Domain Name System (DNS) |
| 445 | TCP | Server Message Block (SMB) |
These ports should work for every version of Active Directory dating back to Server 2000, but I have not tried anything earlier than 2012.
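
Once the firewall is locked down, the ports in the table can be checked from a domain controller in one forest against the domain controllers of the other. The script below is an added example, not part of the original post; the host names, the probe zone and the function name `Test-TrustPorts` are placeholders chosen for illustration.

```powershell
# Added example. Placeholders (constructed): replace with the trusted forest's DCs.
$RemoteDCs = @('dc01.partner.example', 'dc02.partner.example')
# A zone the remote DNS servers are authoritative for (placeholder).
$ProbeZone = 'partner.example'

function Test-TrustPorts {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$DnsProbeName,
        [int[]]$TcpPort = @(53, 445)   # TCP ports from the table above
    )
    foreach ($dc in $ComputerName) {
        foreach ($port in $TcpPort) {
            # Test-NetConnection does a TCP connect only; it cannot probe UDP.
            $tcp = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{
                Target    = $dc
                Protocol  = 'TCP'
                Port      = $port
                Reachable = [bool]$tcp.TcpTestSucceeded
            }
        }
        # UDP 53 is checked with a real DNS query sent to the remote DC.
        # -DnsOnly stops fallback to LLMNR/NetBIOS, which would hide a blocked port.
        $udpOk = $true
        try {
            Resolve-DnsName -Name $DnsProbeName -Server $dc -Type SOA -DnsOnly -ErrorAction Stop | Out-Null
        } catch {
            # Blocked, or no answer for this name; verify the name before blaming the firewall.
            $udpOk = $false
        }
        [pscustomobject]@{ Target = $dc; Protocol = 'UDP'; Port = 53; Reachable = $udpOk }
    }
}

Test-TrustPorts -ComputerName $RemoteDCs -DnsProbeName $ProbeZone |
    Sort-Object Target, Port, Protocol |
    Format-Table -AutoSize
```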