Currently I have users authenticating against RSA Ace server, but going via ACS 4.0's external database policy. Also have dialup users authenticating against the ACS internal database with CLI restrictions. My intention is to move the users using the internal database to authenticate against Active Directory. However ACS is in a management DMZ and being firewalled off isn't a member server of the Active Directoy domain. Unfortunately I can't take it out of the DMZ. Is it neccesary for the ACS server to be a member server of Active Directory? Most documentation I have seen suggests it is...