As Tom said - that document is outdated to the point of vast incorrectness-like-stuff...
With ISA 2004, you only need ISA to be a member of a trusting domain if you expect to support firewall client traffic.
Otherwise, you can RADIUS-auth to your heart's content.

-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------

-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx]
Sent: Tuesday, September 27, 2005 17:55
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest

http://www.ISAserver.org

On 9/27/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> First bad assumption - don't build your forest structure around ISA -
> build ISA into the forest structure. Design your AD before you worry
> about your edge.

I should have mentioned that I came across this document before posting:
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/securityhardeningguide.mspx

"Determining Domain Membership
In many cases, you may want to set up the ISA Server computer as a member of a domain. For example, if you will create a policy that relies on domain user authentication, ISA Server should belong to a domain. If the ISA Server computer is protecting the edge of your network, we recommend that you install it in a separate forest (rather than in the internal forest of your corporate network). ..."

Can you please elaborate, Jim?

> You can adapt the ISA deployment to that later.

Good point. On the same token, I want to focus on doing it right the first time.

Much appreciated,

...D