The ideal placement of the ISA firewall is behind the router and before all other networking devices. So it will be router -> ISA Firewall -> Switch -> Networking devices. The two-NIC requirement exists because the ISA firewall, like any other firewall, needs a WAN side and a LAN side.
The disadvantage of installing the ISA firewall on a Domain Controller is that you have more services to exploit, which is basically why they came up with the Server Core 2008 installation option.
The DC contains all the authentication and user information for your domain. You do not want that host exposed. A firewall should not be providing other services, as mentioned above – the more processes it runs, the higher its vulnerability profile.