Environment: Servers: Windows 2000 SP4 AD: 2000 forest/domain from old NT 4.0 migration ISA: 2000 SP2, separate forest, one and only DC, with trust to other forest Clients: Windows 2000 Pro SP4 & XP SP2 - some with firewall client Goal: Implement new Windows Server 2003 Standard and ISA 2004 Standard Server to replace current without decreasing security posture. Possible implementation scenarios that comes to mind (in no particular order of preference): 1) Install 2004 in its own new 2003 based forest (only one DC would be available hardware-wise), create a trust between production domain (the one users actually log into), mirror the ISA 2000 config, somehow point the clients to the new server, break the old ISA 2000 trust, and kill that forest and server. 2) Add the new 2004 server to the ISA forest, mirror the ISA config, retire the old ISA server, and rename the 2004 server to original. 3) Install 2004 as a member server of the 2000 production domain, somehow point the clients to the new ISA server, retire the old ISA 2000 trust, forest, and server. I hope that I explained everything well enough, as the ISA 2000 server is dying, and tomorrow night may be our only window of opportunity in the next few weeks to perform the upgrade. Thank you! ...D