homelabguy asked:
What ports are needed to connect to a domain controller

I have a domain controller behind a firewall and I want to join machines in a DMZ to it. I found this article https://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx but for group policy it just says "UDP Dynamic"

Do I really need to open EVERY UDP port to it through DMZ? Any way I can limit that range or no?

Environment notes:
DC and clients are Server 2012R2.
Firewall between DC and DMZ is pfSense
Mike

Why would you want all your workstations in the DMZ?

You can't change the ports AD uses.
The link below outlines all of the ports required for Active Directory communication.
https://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx

However, I would highly NOT RECOMMEND putting a DC in a DMZ. I would not even put a RODC in a DMZ. This poses a security risk. If you are trying to do some sort of Federation/Authentication, then implementing something like ADFS (federated services) would be more suitable, if this is what you are trying to achieve.

I just wanted to be upfront with you.

Will.
You can't do what you want. But joining a server in a DMZ to a domain behind the DMZ firewall would pretty much make the DMZ useless anyways. Not much (or any) benefit to such a configuration, so no changes to the product have been made to enable such a scenario.
homelabguy (ASKER)
@Shadowless127 No workstations in the DMZ. By "client" I meant other Server 2012 machines that will be exposed to other locations. The DMZ is what is accessible to other physical locations in a cluster of site-to-site VPN links. So a Windows File Server or IIS server would go in the DMZ. Clients are in the LAN. "DMZ" is really a poor name for servers shared with other locations. There is still another firewall between "DMZ" and the internet.

Mostly I want to know if in that link I posted "UDP Dynamic" for Group Policy is a certain range of UDP ports or all UDP ports.
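The range the TechNet table calls "Dynamic" is the Windows ephemeral port range that RPC hands out after the client talks to the endpoint mapper on TCP 135 (49152-65535 by default on Server 2012 R2). The well-known AD ports cannot be changed, but that dynamic range can be shrunk on the DC, and the two AD RPC endpoints can be pinned to fixed ports so the pfSense rule set stays small. The script below is an added example and is not part of the original thread or any poster's answer; the hostname dc01.corp.example, the range size and the pinned port numbers are assumptions chosen for illustration, and the rule of thumb is to pick pinned ports outside the dynamic range.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell.
# Part 1 runs on the domain controller; Part 2 runs on the DMZ member server.
# Hostname, range size and pinned port numbers are assumptions for illustration.

# ---- Part 1: on the domain controller ----
# Show the current ephemeral (RPC dynamic) range. Server 2012 R2 default: start 49152, 16384 ports.
netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp

# Shrink the range RPC may allocate from, so the firewall rule covers 49152-50151
# instead of the whole upper half of the port space (minimum allowed num is 255).
netsh int ipv4 set dynamicport tcp start=49152 num=1000
netsh int ipv4 set dynamicport udp start=49152 num=1000

# Pin the two AD RPC endpoints that would otherwise land anywhere in that range.
# NTDS (directory service RPC, used by replication and some LDAP/Group Policy tooling):
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
    -Name 'TCP/IP Port' -PropertyType DWord -Value 38901 -Force
# Netlogon (secure channel / domain join RPC):
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' `
    -Name 'DCTcpipPort' -PropertyType DWord -Value 38902 -Force
# Both values take effect after restarting the NTDS and Netlogon services (or the DC).

# ---- Part 2: on the DMZ member server, before running the domain join ----
$dc = 'dc01.corp.example'   # assumption: replace with the real DC name

# TCP ports a member needs to reach on the DC, with the pinned ports from Part 1.
$tcpPorts = @(
    @{ Port = 53;    Use = 'DNS' },
    @{ Port = 88;    Use = 'Kerberos' },
    @{ Port = 135;   Use = 'RPC endpoint mapper' },
    @{ Port = 389;   Use = 'LDAP' },
    @{ Port = 445;   Use = 'SMB (SYSVOL/NETLOGON shares for Group Policy)' },
    @{ Port = 464;   Use = 'Kerberos password change' },
    @{ Port = 636;   Use = 'LDAPS' },
    @{ Port = 3268;  Use = 'Global Catalog' },
    @{ Port = 3269;  Use = 'Global Catalog over TLS' },
    @{ Port = 38901; Use = 'NTDS RPC (pinned in Part 1)' },
    @{ Port = 38902; Use = 'Netlogon RPC (pinned in Part 1)' },
    @{ Port = 49152; Use = 'first port of the shrunk dynamic range' }
)

# Test-NetConnection (PowerShell 4 on 2012 R2) reports TcpTestSucceeded per port.
$results = foreach ($p in $tcpPorts) {
    $r = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p.Port; Use = $p.Use; Open = $r.TcpTestSucceeded }
}
$results | Format-Table -AutoSize

# Any row with Open = False is a rule still missing on the pfSense box.
$results | Where-Object { -not $_.Open } | ForEach-Object {
    Write-Warning ("Blocked: TCP {0} ({1})" -f $_.Port, $_.Use)
}
```

Test-NetConnection only probes TCP; the UDP side (53 for DNS, 88 for Kerberos, 123 for time sync, 389 for the LDAP ping used in DC location) still has to be verified with a UDP-capable tool or by watching the pfSense firewall log while the join runs. Note that the dynamic-range port 49152 will only answer when some RPC server happens to be listening there, so treat a False on that row as informational rather than as proof the rule is missing.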
ASKER CERTIFIED SOLUTION
Cliff Galiher
This solution is only available to members.
If accessing a Domain over the internet, I would recommend implementing a VPN solution for clients accessing your network. Then the network and DC would be secure and limited to just your users.
SOLUTION
Thanks for the info!