Jerry, Yes the isa servers have site to site vpn. I have a stub DNS Zone running on isa configured to use the remote dns on the domain controller and the local nic is configured to use it also. Name resolution on the isa box is not a problem. Clients are all able to logon to the domain. Jim From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jerry Young Sent: Monday, November 17, 2008 10:07 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Branch office Configuration James, Are these ISA Servers in a site to site VPN? Was the domain controller part of the same domain that the other domain controllers are part of? Not sure of the specifics with the rules or how you've configured them, but depending on how you set that up, this may be as simple as updating the DNS server listing on the ISA Server's interface to use one of the other domain controllers. On Mon, Nov 17, 2008 at 1:03 PM, James May <Jmay@xxxxxxxxxx> wrote: Hello, I have recently removed a domain controller from the branch office. Is there a way to configure ISA so it will contact DC's in remote sites for windows user and groups? I can no longer logon to ISA server using domain credentials. Nor are a the user groups available for firewall rules. Does anyone know if it's possible to have ISA communicate securely with domain controllers on a remote subnet? Thanks, Jim May -- Cordially yours, Jerry G. Young II Microsoft Certified Systems Engineer