A new problem has come up that needs solving.
We have a domain that sits behind ISA then some connects to a PIX. There are several other servers that are connected to the PIX that form our DMZ. We now want to put Sharepoint on of these servers. So that we can use Windows Authentication the server it is on needs to be a member of the internal domain. (We have looked using Form Authentication but is reduces functionality). Does anyone know the problems with extending the domain into the DMZ? It strikes me that it is a way of getting a trust into the domain from outside ISA. Should I set up a seperate forest in the DMZ and if so how do I go about doing this?