Client and Domain controller across a firewall

Hi guys,

I have several servers on two different network layers separated by a firewall.

Layer 1: All clients

Layer 2: 2 Domain Controllers

The question is:

Which ports do I need to open on my firewall to permit the clients to join a domain (only at setup) and afterwards make domain user authentication possible?

Thanks in advance.