SBS 2003 SP1 won't sync AD during a Swing Migration

I was working through a Windows 2000 to SBS 2003 SP1 swing migration this weekend and when we did the dcpromo on the temp server is just would not sync AD. After digging around google for a while I found a troubleshooting guide for RPC Endpont Mapper problems. Running thought this guide showed that a bunch of ports were shutdown on the server. What???? So I checked windows firewall and sure enough it was locked down as tight as can be. Now I'm glad MSFT is securing their servers, but if I run dcpromo on a server it should open the required ports to allow it to work as a domain controller. This was a SBS 2003 SP1 server so I don't know if it is the same with a standard Windows 2003 server.