Win2k3 Active Directory - firewall ports



I want to put a Win2k3 Active Directory server behind the corporate
firewall. We are using Windows XP clients and also Group Policy.

What ports need to be allowed on the firewall? Is there any fine tuning
that can be done on AD to make it more firewall friendly?

I have some DCs in remote locations. What ports need to be allowed between DCs?