Ok, the bit that works.
I have a rule on our ASA, source=dmz server, destination=domain server, service=domain which works fine and permits access to my domain controllers and access shared folders from a test DMZ server.
..and the bit that doesn't.
What I cannot fathom is accessing member servers even though I've added another rule but with services 53, 137-139 and 445 (all TCP/UDP)
Help as always appreciated.
Thanks