I'm in the process of planning a AD migration and I've got a question. I've got a DMZ that currently has it's own NT4 domain with two domain controllers. That domain has a one-way trust to my main networks domain. When I migrate to AD what is the best solution? Should I make the DMZ it's own forest and do a trust between the two? Or, should I make the DMZ a tree inside of my main forest? What's best for security sake? I've got to have some sort of trust because I need to be able to authenticate off of the main networks domain for some web applications. Thanks! -Aaron ----------------------- Aaron Dokey - MIS Reid Tool Supply 2265 Black Creek Rd. Muskegon, MI 49444 (231) 777-3951 (231) 767-3772 (Direct) ----------------------- ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm