
How do I configure FW1 to give access to FW2 for Windows AD trusting?

erawoc_sm
Level 1

I have two firewalls in separate networks (FW1 and FW2). I need both to provide access for Windows Active Directory (in each network) so that the domain controllers on each side can trust each other and communicate with both Windows networks. Any assistance with the firewall configuration is much appreciated. Further info will be provided as needed.

3 Replies

Pawan Raut
Level 4

You need to allow the TCP/UDP ports for Active Directory on the firewall.

The ports below are used for Active Directory communication:

TCP and UDP 389
TCP 636
TCP 3268
TCP 3269
TCP and UDP 88
TCP and UDP 53
TCP and UDP 445
TCP 25
TCP 135
TCP 5722
UDP 123
TCP and UDP 464
UDP 138
TCP 9389
UDP 67 and UDP 2535
UDP 137
TCP 139

Suppose FW1 has network 10.10.10.0/24 and FW2 has 120.20.20.0/24; then the ACL configuration on both firewalls would be as below:

! Network behind FW1 and network behind FW2
object-group network Allow_FW1_Network
 network-object 10.10.10.0 255.255.255.0
!
object-group network Allow_FW2_Network
 network-object 20.20.20.0 255.255.255.0
!
! TCP ports from the list above (123 is UDP-only, so it is not in this group)
object-group service AD_TCP tcp
 port-object eq 389
 port-object eq 636
 port-object eq 3268
 port-object eq 3269
 port-object eq 88
 port-object eq 53
 port-object eq 445
 port-object eq 25
 port-object eq 135
 port-object eq 5722
 port-object eq 464
 port-object eq 9389
 port-object eq 139
!
! UDP ports from the list above (9389 is TCP-only, so it is not in this group)
object-group service AD_UDP udp
 port-object eq 389
 port-object eq 88
 port-object eq 53
 port-object eq 445
 port-object eq 123
 port-object eq 464
 port-object eq 138
 port-object eq 67
 port-object eq 2535
 port-object eq 137
!
! Permit the AD ports in both directions between the two networks
access-list TestACL extended permit tcp object-group Allow_FW1_Network object-group Allow_FW2_Network object-group AD_TCP
access-list TestACL extended permit udp object-group Allow_FW1_Network object-group Allow_FW2_Network object-group AD_UDP
access-list TestACL extended permit tcp object-group Allow_FW2_Network object-group Allow_FW1_Network object-group AD_TCP
access-list TestACL extended permit udp object-group Allow_FW2_Network object-group Allow_FW1_Network object-group AD_UDP
!

Please feel free to ask me if you need any help on this. Please rate the post if you find it useful.

Regards,

Pawan (CCIE 52104)
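As an added example (not part of Pawan's reply or any Cisco tooling), a small Python script that parses the port list above, generates the matching ASA object-groups and ACL lines, and flags any port-object that landed in the wrong protocol group (the kind of mistake that silently blocks NTP or the AD Web Services port). The group names, ACL name and the 10.10.10.0/24 and 20.20.20.0/24 networks are taken from the reply; the port list is embedded as constructed input.

```python
import re

# Constructed input: the AD port list from the reply, one entry per line.
AD_PORTS = """\
TCP and UDP 389
TCP 636
TCP 3268
TCP 3269
TCP and UDP 88
TCP and UDP 53
TCP and UDP 445
TCP 25
TCP 135
TCP 5722
UDP 123
TCP and UDP 464
UDP 138
TCP 9389
UDP 67 and UDP 2535
UDP 137
TCP 139
"""

def parse_ports(text):
    """Return {'tcp': set, 'udp': set} from lines like 'TCP and UDP 389'."""
    ports = {"tcp": set(), "udp": set()}
    for line in text.splitlines():
        protos = {p.lower() for p in re.findall(r"\b(TCP|UDP)\b", line)}
        nums = {int(n) for n in re.findall(r"\b(\d{1,5})\b", line)}
        for proto in protos:          # "TCP and UDP 389" fills both sets
            ports[proto] |= nums
    return ports

def asa_config(ports, net1, net2, acl="TestACL"):
    """Emit object-groups plus ACL entries permitting AD ports both ways."""
    lines = ["object-group network Allow_FW1_Network", f" network-object {net1}",
             "object-group network Allow_FW2_Network", f" network-object {net2}"]
    for proto in ("tcp", "udp"):
        lines.append(f"object-group service AD_{proto.upper()} {proto}")
        lines += [f" port-object eq {p}" for p in sorted(ports[proto])]
    for src, dst in (("Allow_FW1_Network", "Allow_FW2_Network"),
                     ("Allow_FW2_Network", "Allow_FW1_Network")):
        for proto in ("tcp", "udp"):
            lines.append(f"access-list {acl} extended permit {proto} object-group "
                         f"{src} object-group {dst} object-group AD_{proto.upper()}")
    return "\n".join(lines)

def check_groups(ports, tcp_group, udp_group):
    """List port-objects that are not in the source list for that protocol."""
    return {"tcp_extra": sorted(set(tcp_group) - ports["tcp"]),
            "udp_extra": sorted(set(udp_group) - ports["udp"])}
```

Feed `check_groups` the port-objects from a running config to catch a UDP-only port (such as 123) placed in the TCP group, or a TCP-only port (such as 9389) placed in the UDP group.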

Thanks for your reply Pawan, however I see an error after the changes were made that the object-group "Allow_FW1_Network" is empty. What is supposed to be in that group? Which network?

Hi, you should configure the object-groups Allow_FW1_Network and Allow_FW2_Network first.

You have to allow the network which is behind FW1 in object-group Allow_FW1_Network and the network behind FW2 in the group Allow_FW2_Network. Check your firewall syntax for object-group configuration.