I have a Win NT network on my LAN with a PDC and several Win NT BDC's. I am in the process of placing a Win 2k server with Exchange 2000 in my DMZ. If I make that Win 2k server a domain controller in its own domain by installing active directory will that cause any type of security breach in my LAN? I know in terms of administration it is inefficient because I have to do everything twice, once on my LAN and once on the AD. What I want to know is am I exposing my network to potential attacks by having active directory on the DMZ?