I found this document to be quite helpful, thanks.  And even better news, I noticed Centrify has delivered a product that extends Server and Domain Isolation to UNIX and Linux, so now SDI is cross-platform!  Even more reason to try out SDI.

http://www.centrify.com/directsecure/server-and-domain-isolation.asp