PDC BDC 跨firewall最低需求:
Kerberos (88/tcp, 88udp)
LDAP (389/udp, 389/tcp and/or 636/tcp for LDAP over SSL)
SMB over IP traffic (445/tcp, 445/udp)
DNS ports (53/tcp, 53/udp)

還有其他application也要通就看狀況再繼續加,如果找不出來......
1. 用sniffer or ethereal 抓封包來解讀
2. firewall針對單一client設一個policy,查看 log被擋掉什麼,確認必要要開的port
3. PDC/BDC 兩邊網路都有firewall的話,直接用IPSEC VPN對接打通
Good Luck