We have sharepoint based intranet portal which we plan to keep in the DMZ for employees to access them from their home or internet. For user it will need to connect to the Active Directory database as well as access some databases.

I wanted to know what is the best way to keep the sharepoint server in the DMZ considering the security aspects of it? Any inputs will be of great help.