Active Directory Replication over Firewalls
In the event that you need to separate your domain controllers with firewalls you will need to open several ports. Here is a good article that will help you with identifying those ports. http://technet.microsoft.com/en-us/library/bb727063.aspx