Ended up doing a packet capture, thank you for that. Found it really, really wants the RPC ports open. You can apparently tighten these up to a range of 1000, but I don't have time for now to do that on all our servers. You need the ranges I mentioned above on both UDP and TCP, plus the range of 49152-65535.
So the ports required in order for the default configuration of Active Directory to work are: TCP & UDP 53, 88, 389, 3268, 445, 123, 135, and 49152-65535.
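An added example, not part of the original post: a small Python check that compares a firewall allow-list against the ports listed above and reports which required ports would still be blocked on each protocol. The rule syntax (`tcp 53`, `udp 49152-65535`), the function names and the sample rule set are assumptions constructed for illustration.

```python
# Required ports exactly as listed in the post (needed on both TCP and UDP).
REQUIRED = [(53, 53), (88, 88), (123, 123), (135, 135), (389, 389),
            (445, 445), (3268, 3268), (49152, 65535)]
PROTOCOLS = ("tcp", "udp")

def parse_rule(rule):
    """Parse 'tcp 49152-65535' or 'udp 53' into (proto, low, high)."""
    proto, spec = rule.lower().split()
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if proto not in PROTOCOLS or not 0 < low <= high <= 65535:
        raise ValueError(f"bad rule: {rule!r}")
    return proto, low, high

def uncovered(required, allowed):
    """Return the parts of the inclusive required ranges that no allowed range covers."""
    gaps = []
    allowed = sorted(allowed)
    for low, high in required:
        cursor = low  # lowest port in this range not yet known to be allowed
        for a_low, a_high in allowed:
            if a_high < cursor:
                continue          # rule ends before the part still unchecked
            if a_low > high:
                break             # sorted by start: nothing later can overlap
            if a_low > cursor:
                gaps.append((cursor, a_low - 1))
            cursor = max(cursor, a_high + 1)
        if cursor <= high:
            gaps.append((cursor, high))
    return gaps

def audit(rules):
    """Map each protocol to the required port ranges the rule set leaves blocked."""
    allowed = {p: [] for p in PROTOCOLS}
    for rule in rules:
        proto, low, high = parse_rule(rule)
        allowed[proto].append((low, high))
    return {p: uncovered(REQUIRED, allowed[p]) for p in PROTOCOLS}

# Constructed sample rule set (hypothetical): the firewall only allows a
# 1000-port RPC range while the servers still use the default dynamic range,
# and UDP 123 was left out.
SAMPLE_RULES = ["tcp 53", "udp 53", "tcp 88", "udp 88", "tcp 123", "tcp 135",
                "udp 135", "tcp 389", "udp 389", "tcp 445", "udp 445",
                "tcp 3268", "udp 3268", "tcp 49152-50151", "udp 49152-50151"]

if __name__ == "__main__":
    for proto, gaps in audit(SAMPLE_RULES).items():
        for low, high in gaps:
            print(f"{proto}: {low}" if low == high else f"{proto}: {low}-{high}")
```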