I notice the question in the first post is about ports from domain controller to client; if that changed in a later post, the original question is still unanswered.
Unfortunately, I have not found any source that documents any requirements, but I do have some experience.
In my experience, there is no need to have any ports open from the domain controller to the domain client. This is the setup we are running in production, and it has not caused any issues for us. Please note that you may use systems or features that we do not use that require some ports to be open; this is why it is sad that no official source addresses this.
When looking in the firewall logs, we do observe that the domain controller does try to connect to all clients on ports 135 (RPC) and 137 (NetBIOS). NetBIOS we can easily ignore; the RPC port we have no idea why it tries to connect on, but as long as we don't know, we keep it closed.
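
A way to repeat the firewall-log check described in this post on your own network, added here as an example and not the poster's tooling: it counts connection attempts from domain controllers into a client subnet, grouped by action, protocol and destination port. The log layout (Windows Firewall `pfirewall.log` field order), the IP addresses and the function name are assumptions, and the sample lines are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed sample lines; the field order follows the Windows Firewall
# pfirewall.log header (assumed format, adjust for your firewall's export).
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-10 09:00:01 DROP TCP 10.0.0.10 10.0.20.31 49712 135 52 S 0 0 8192 - - - RECEIVE
2024-01-10 09:00:02 DROP UDP 10.0.0.10 10.0.20.31 137 137 78 - - - - - - - RECEIVE
2024-01-10 09:00:05 DROP TCP 10.0.0.10 10.0.20.44 49713 135 52 S 0 0 8192 - - - RECEIVE
2024-01-10 09:00:07 ALLOW TCP 10.0.20.31 10.0.0.10 50122 389 0 - 0 0 0 - - - SEND
2024-01-10 09:00:09 DROP TCP 10.0.30.5 10.0.20.31 51000 445 52 S 0 0 8192 - - - RECEIVE
"""


def dc_to_client_attempts(log_text, dc_ips, client_net):
    """Summarise DC-initiated traffic towards clients.

    Returns {(action, protocol, dst_port): {"count": n, "clients": {ips}}}.
    """
    dcs = {ip_address(ip) for ip in dc_ips}
    net = ip_network(client_net)
    fields = None
    summary = {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names from the log header
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        rec = dict(zip(fields, line.split()))
        try:
            src, dst = ip_address(rec["src-ip"]), ip_address(rec["dst-ip"])
            port = int(rec["dst-port"])
        except (KeyError, ValueError):
            continue  # malformed line, or no port (e.g. ICMP logs "-")
        # Keep only flows that start at a DC and target the client subnet.
        if src in dcs and dst in net:
            key = (rec["action"], rec["protocol"], port)
            entry = summary.setdefault(key, {"count": 0, "clients": set()})
            entry["count"] += 1
            entry["clients"].add(str(dst))
    return summary


if __name__ == "__main__":
    result = dc_to_client_attempts(SAMPLE_LOG, ["10.0.0.10"], "10.0.20.0/24")
    for (action, proto, port), info in sorted(result.items()):
        print(action, proto, port, info["count"], sorted(info["clients"]))
```

Running it over a few weeks of logs shows which DC-to-client ports are actually attempted, so each one can be kept closed or opened as a deliberate decision.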