Working around Active Directory's dynamic port range

I have a need to authenticate users against Active Directory (which uses dynamic ports), but the networking group within the organization will not allow us to open up such a large range of ports.

I realize that the owner of AD could putz around with registry keys to restrict it to one port, but that isn't going to fly either.

Is there a way to proxy the traffic such that only 1 port is open on the firewall to accept authentication requests and interact with an AD Domain Controller?

Clarification

There is a firewall between two networks, where the application on one network needs to utilize AD that is hosted on another.

rynmrtn

Posted 2014-08-12T19:11:41.560

Why not use a VPN? – Keltari – 2014-08-12T20:14:45.293

No answers