Firewall – Need Required Active Directory Ports for Isolated Environment

Tags: active-directory, firewall

We have a 100% isolated environment that needs to communicate with our AD infrastructure outside the isolated environment. I need to know all the ports and whether they're incoming or outgoing. These are the ports I've gathered so far. Can anyone help add any that might be missing and the inbound / outbound direction? Thanks so much! (These are separated via a physical firewall.)

  • TCP 135 : MS-RPC
  • TCP 1025 & 1026 : AD Login & replication
  • TCP 389 : LDAP
  • TCP & UDP 53 : DNS
  • TCP 445 : SMB , Microsoft-ds
  • TCP 139 : SMB
  • UDP 137 & 138 : NetBIOS related
  • UDP 88 : Kerberos v5
  • TCP 636: Secure LDAP
  • TCP 3269: Secure LDAP

Best Answer

This is the document you are looking for: Active Directory and Active Directory Domain Services Port Requirements

Default dynamic port range

In a domain that consists of Windows Server® 2003–based domain controllers, the default dynamic port range is 1025 through 5000. Windows Server 2008 R2 and Windows Server 2008, in compliance with Internet Assigned Numbers Authority (IANA) recommendations, increased the dynamic port range for connections. The new default start port is 49152, and the new default end port is 65535. Therefore, you must increase the remote procedure call (RPC) port range in your firewalls. If you have a mixed domain environment that includes a Windows Server 2008 R2 and Windows Server 2008 server and Windows Server 2003, allow traffic through ports 1025 through 5000 and 49152 through 65535.

When you see “TCP Dynamic” in the Protocol and Port column in the following table, it refers to ports 1025 through 5000, the default port range for Windows Server 2003, and ports 49152 through 65535, the default port range beginning with Windows Server 2008.


Communication to Domain Controllers

The following table lists the port requirements for establishing DC to DC communication in all versions of Windows Server beginning with Windows Server 2003.

Additional ports are required for communication between a read-only domain controller (RODC) and a writeable DC.

| Protocol and Port | AD and AD DS Usage | Type of Traffic |
|---|---|---|
| TCP and UDP 389 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP |
| TCP 636 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP SSL |
| TCP 3268 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC |
| TCP 3269 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC SSL |
| TCP and UDP 88 | User and Computer Authentication, Forest Level Trusts | Kerberos |
| TCP and UDP 53 | User and Computer Authentication, Name Resolution, Trusts | DNS |
| TCP and UDP 445 | Replication, User and Computer Authentication, Group Policy, Trusts | SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc |
| TCP 25 | Replication | SMTP |
| TCP 135 | Replication | RPC, EPM |
| TCP Dynamic | Replication, User and Computer Authentication, Group Policy, Trusts | RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS |
| TCP 5722 | File Replication | RPC, DFSR (SYSVOL) |
| UDP 123 | Windows Time, Trusts | Windows Time |
| TCP and UDP 464 | Replication, User and Computer Authentication, Trusts | Kerberos change/set password |
| UDP Dynamic | Group Policy | DCOM, RPC, EPM |
| UDP 138 | DFS, Group Policy | DFSN, NetLogon, NetBIOS Datagram Service |
| TCP 9389 | AD DS Web Services | SOAP |
| UDP 67 and UDP 2535 | DHCP (DHCP is not a core AD DS service but it is often present in many AD DS deployments.) | DHCP, MADCAP |
| UDP 137 | User and Computer Authentication | NetLogon, NetBIOS Name Resolution |
| TCP 139 | User and Computer Authentication, Replication | DFSN, NetBIOS Session Service, NetLogon |
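As an added example (not part of the question or the answer above), a small Python checker that encodes the static ports from the quoted Microsoft table and probes each TCP port outbound from the isolated side, so you can see which rules the physical firewall is still missing before joining anything to the domain. The DC hostname is a constructed placeholder, and `required_dynamic_ranges` expands the table's "TCP Dynamic" entry into the 2003 and 2008+ ranges described in the answer.

```python
import socket

# Static ports transcribed from the Microsoft table quoted in the answer: (protocol, port, traffic).
AD_PORTS = [
    ("tcp", 389, "LDAP"), ("udp", 389, "LDAP"),
    ("tcp", 636, "LDAP SSL"),
    ("tcp", 3268, "LDAP GC"), ("tcp", 3269, "LDAP GC SSL"),
    ("tcp", 88, "Kerberos"), ("udp", 88, "Kerberos"),
    ("tcp", 53, "DNS"), ("udp", 53, "DNS"),
    ("tcp", 445, "SMB"), ("udp", 445, "SMB"),
    ("tcp", 25, "SMTP replication"), ("tcp", 135, "RPC EPM"),
    ("tcp", 5722, "DFSR SYSVOL"), ("udp", 123, "Windows Time"),
    ("tcp", 464, "Kerberos kpasswd"), ("udp", 464, "Kerberos kpasswd"),
    ("udp", 137, "NetBIOS name"), ("udp", 138, "NetBIOS datagram"),
    ("tcp", 139, "NetBIOS session"), ("tcp", 9389, "AD DS Web Services"),
]

# "TCP Dynamic" / "UDP Dynamic" in the table: RPC high ports, keyed by DC OS generation.
DYNAMIC_RANGES = {"2003": (1025, 5000), "2008+": (49152, 65535)}


def tcp_open(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes (outbound from this machine)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def required_dynamic_ranges(dc_generations):
    """RPC dynamic ranges the firewall must allow for the DC generations present,
    e.g. {"2003", "2008+"} for the mixed domain case in the answer."""
    return sorted(DYNAMIC_RANGES[g] for g in dc_generations)


def audit(dc_host, probe=tcp_open):
    """Probe every static TCP port against one DC; UDP has no handshake, so those
    entries are returned under 'unverified_udp' for manual rule review."""
    result = {"blocked": [], "open": [], "unverified_udp": []}
    for proto, port, name in AD_PORTS:
        if proto == "udp":
            result["unverified_udp"].append((port, name))
        elif probe(dc_host, port):
            result["open"].append((port, name))
        else:
            result["blocked"].append((port, name))
    return result


if __name__ == "__main__":
    report = audit("dc01.example.internal")  # constructed placeholder hostname
    for port, name in report["blocked"]:
        print(f"BLOCKED tcp/{port} ({name})")
```

Probes are TCP connects only, so a port that answers here proves the firewall path, but a "blocked" result can also mean the DC service is not listening; cross-check with the rule logs on the firewall.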