I’ve been waiting for this guide for a while (‘cause that’s how I roll), but if you are interested in guidance on when/how to use Active Directory in your perimeter network, the AD team has released a guide for that:
The guide covers the following AD models for the perimeter network:
- No Active Directory (local accounts)
- Isolated forest model
- Extended corporate forest model
- Forest trust model
This guide contains direction for determining whether Active Directory Domain Services (AD DS) is appropriate for your perimeter network (also known as the DMZs or extranets), the various models for deploying AD DS in perimeter networks, and planning and deployment information for Read Only Domain Controllers (RODCs) in the perimeter network.
Because RODCs provide new capabilities for perimeter networks, most of the content in this guide describes how to plan for and deploy this new Windows Server 2008 feature. However, the other Active Directory models introduced in this guide are also viable solutions for your perimeter network.