We have an internal forest and an isolated perimeter DMZ forest. There is no trust between the two forests. The Service Desk and Help Desk need the ability to administrate the resources in the perimeter DMZ forest on a limited basis.Can AD tools installed on a server joined to the internal forest be against domain controllers in the DMZ? The primary reason is to deny them the ability to login locally and to have to put up a tools server in the DMZ. They will have limited credentials to perform some resource administration.