Wonder what ever happened to Domain Isolation using IPsec? Well, that is so last decade!
Let me introduce you to the ESAE Administrative Forest Design Approach practiced by Microsoft’s Cyber Security Services Team.
Update: This blog was written years ago. Technology continues to chance and improve. The link is still active, but ESAE is no longer mentioned. The TechNet article mentioned will continue to be updated with the latest and greatest information.