We currently have 3 physical sites; our larger site has 4 domain controllers, and the 2 other sites have 1 DC each. Our network team decided that we need to put the 2 sites in their own DMZ, although we are all on the same domain. So we'll say that the first 4 DCs, site A, are on the 10 network and the other two are DMZ'd to site B 192.168.1.0 and site C 192.168.2.0. First, is this a good practice, and will AD even work correctly? They have NAT'd the DMZ IPs so that we can access them from the 10 network. So 192.168.2.10 NATs to 10.0.0.10, but if you go to \\dcsitea they don't resolve because DNS has them as the DMZ IP, which we don't have access to. Let me know if there is any more info needed. It seems way overcomplicated to me, and the security of the DMZ serves no purpose as we are accessing the same domain anyway, just different resources.