You've been there. You want to connect ISA or TMG firewall Networks to one another and allow Active Directory intradomain communications through them. You've been told that you need to make "Swiss cheese" out of the firewall to make this happen. Fortunately, this is a bit of "tribal knowledge" that is categorically untrue.
In this article, Jason Jones describes what you need to allow through the firewall to get AD intradomain communications flowing.
Check it out at:
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer