A Microsoft document called “Active Directory in Networks Segmented by Firewalls.”

The document is a little dated, but the concepts are still pretty much the same.