Installing TIMP securely within the corporate firewall
1) If we use Active Directory that resides in the secure zone, where should we install TIMP server?

It depends.
If the Jabber server is only intended for use from the internal LAN, the best option is to put it in the safe zone and allow users from outside to connect to the TIMP server only after a VPN/dial-in connection into the safe zone.
Otherwise, if you are planning to make TIMP interoperable with other Jabber servers, you should put it (or at least the s2s component) in the DMZ.
If, finally, you want to allow users to connect from the outside without a previously established VPN/dial-up connection, you also need to put the c2s/wireless proxy in the DMZ.
Depending on the level of interoperability you want, you have to (or can) open different ports on the two firewalls.
The most important thing to keep in mind: *in NO way* enable non-SSL connections from outside your LAN.

2) If TIMP is in the DMZ, are there any concerns?

It is the same as placing an email server or a web server in the DMZ. Search for "Exchange in DMZ" for many opinions about whether this is good or evil, or read this article
http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=23653 and the MS links it points to.

3) If TIMP is in the DMZ, what are the ports on the second firewall that need to be opened to allow AD authentication?

The answer depends on how your AD is configured, so the best approach is to read the documents above (TIMP has fewer requirements than Exchange, but whatever lets Exchange in the DMZ talk to the AD also lets TIMP do so), open all the ports described in those documents, log the traffic (with Ethereal, www.ethereal.org), and then close the ports you are sure your particular AD setup does not use.
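The "open everything documented, log, then close what you don't use" procedure above can be mechanised once you have a flow log from the DMZ host. The following is an added example, not TIMP code or a tool the FAQ mentions: it takes a simplified one-flow-per-line log (a constructed format, not Ethereal's own output), counts which candidate ports the DMZ host actually used towards the AD server, and reports which rules on the inner firewall to keep and which to close. The candidate port list is an illustrative subset of well-known AD/Windows ports, not the complete set from the Exchange documents.

```python
"""Added example: derive the minimal DMZ->AD allow-list from a traffic log.
Not part of TIMP. Log format and candidate port list are assumptions."""
from collections import Counter
import ipaddress

# Illustrative candidates a guide might tell you to open between DMZ and AD
# (well-known Windows/AD ports; not the full list, which depends on your setup).
CANDIDATE_PORTS = {
    ("tcp", 53): "DNS", ("udp", 53): "DNS",
    ("tcp", 88): "Kerberos", ("udp", 88): "Kerberos",
    ("tcp", 135): "RPC endpoint mapper",
    ("tcp", 389): "LDAP", ("udp", 389): "LDAP (CLDAP)",
    ("tcp", 445): "SMB",
    ("tcp", 636): "LDAPS",
    ("tcp", 3268): "Global Catalog",
}

# Constructed sample log, one flow per line: "<src_ip> -> <dst_ip> <proto> <dst_port>".
# 10.0.1.5 is the TIMP host in the DMZ, 192.168.1.10 the AD server in the safe zone.
SAMPLE_LOG = """\
10.0.1.5 -> 192.168.1.10 tcp 389
10.0.1.5 -> 192.168.1.10 tcp 389
10.0.1.5 -> 192.168.1.10 udp 53
10.0.1.5 -> 192.168.1.10 tcp 88
10.0.1.5 -> 192.168.1.10 tcp 445
192.168.1.20 -> 192.168.1.10 tcp 135
10.0.1.5 -> 203.0.113.9 tcp 5269
"""


def parse_line(line: str):
    """Return (src, dst, proto, port) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or parts[1] != "->":
        return None
    src, _, dst, proto, port = parts
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(port))
    except ValueError:
        return None


def observed_flows(log: str, dmz_net: str, ad_host: str) -> Counter:
    """Count (proto, port) pairs used by any DMZ host towards the AD server.
    Flows from the LAN or to other destinations are ignored."""
    dmz = ipaddress.ip_network(dmz_net)
    ad = ipaddress.ip_address(ad_host)
    seen = Counter()
    for line in log.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, proto, port = rec
        if src in dmz and dst == ad:
            seen[(proto, port)] += 1
    return seen


def minimal_allow_list(candidates, observed) -> dict:
    """Split the candidate ports into those actually used (keep open) and those
    never seen (close); flows outside the candidate list are flagged for review."""
    keep = sorted(k for k in candidates if observed.get(k, 0) > 0)
    close = sorted(k for k in candidates if observed.get(k, 0) == 0)
    unexpected = sorted(k for k in observed if k not in candidates)
    return {"keep": keep, "close": close, "unexpected": unexpected}


if __name__ == "__main__":
    seen = observed_flows(SAMPLE_LOG, "10.0.1.0/24", "192.168.1.10")
    result = minimal_allow_list(CANDIDATE_PORTS, seen)
    for proto, port in result["keep"]:
        print(f"keep  {proto}/{port:<5} {CANDIDATE_PORTS[(proto, port)]} ({seen[(proto, port)]} flows)")
    for proto, port in result["close"]:
        print(f"close {proto}/{port:<5} {CANDIDATE_PORTS[(proto, port)]} (never used)")
    for proto, port in result["unexpected"]:
        print(f"check {proto}/{port:<5} not in the documented list")
```

The obvious caveat is the capture window: a port that is used rarely (periodic lookups, password changes) will not appear in a short log, so collect over a full operating cycle before closing anything, and treat every port in the "unexpected" list as something to explain rather than something to silently allow.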

4) If TIMP is in the DMZ, what other security measures do we need to take to secure TIMP and the Jabber protocol? Any statistics on Jabber server hack attempts and counter-measures?

There are no known server hacks for jabber-1.4.2 based servers. The only precaution I suggest is not to allow plain authentication, at least from the outside (this can be prevented by filtering port 5222).

5) If we are to harden TIMP's W2K server platform, which services are not safe to remove? Do you have a typical hardening guide for TIMP servers?

TIMP just needs the DCOM and Workstation services to be installed.
Everything else (IIS, alerting, etc.) is useless for TIMP. Please refer to the MS guides at http://www.microsoft.com/security on locking down a Windows machine.
We also suggest enabling packet filtering on the machine (native in W2K, or through an application firewall or other third-party software) and blocking all *inbound* connections except to port 5222 (for plain client connections), 5223 (for SSL-protected client connections) and 5269 (for server-to-server connections).
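Questions 1 and 5 together define a small rule set: which of the three Jabber ports each zone may reach, with the invariant from question 1 that the plain (non-SSL) client port is never reachable from outside the LAN. The following is an added example, not TIMP code or a TIMP configuration format: it models the deployment choices from question 1 (server in the safe zone, s2s component in the DMZ, c2s proxy in the DMZ), produces the inbound rules and the per-host filter from question 5, and checks a rule set against the invariant. Zone names, the Rule type and the function names are assumptions made for the example.

```python
"""Added example: model the firewall/host-filter rules implied by the FAQ and
check the 'no plain (non-SSL) connections from outside the LAN' invariant.
Illustrative code, not part of TIMP; zone names and Rule are assumptions."""
from dataclasses import dataclass

PLAIN_C2S = 5222   # plain client connections
SSL_C2S = 5223     # SSL-protected client connections
S2S = 5269         # server-to-server connections
JABBER_PORTS = (PLAIN_C2S, SSL_C2S, S2S)


@dataclass(frozen=True)
class Rule:
    src_zone: str   # "lan", "dmz" or "internet"
    dst_zone: str   # "safe" or "dmz": where the TIMP server (or its component) lives
    port: int


def plan_rules(server_zone: str, federate: bool, external_clients: bool) -> set:
    """Return the inbound rules a deployment needs.

    server_zone      -- "safe" (LAN-only use; outsiders come in over VPN/dial-in and
                        therefore look like LAN clients) or "dmz"
    federate         -- interoperate with other Jabber servers (needs s2s in the DMZ)
    external_clients -- clients connect from outside without a VPN (needs c2s in the DMZ)
    """
    if server_zone not in ("safe", "dmz"):
        raise ValueError("server_zone must be 'safe' or 'dmz'")
    rules = {Rule("lan", server_zone, PLAIN_C2S), Rule("lan", server_zone, SSL_C2S)}
    if federate:
        if server_zone != "dmz":
            raise ValueError("s2s with other servers needs the s2s component in the DMZ")
        rules.add(Rule("internet", "dmz", S2S))
    if external_clients:
        if server_zone != "dmz":
            raise ValueError("external clients without VPN need the c2s proxy in the DMZ")
        rules.add(Rule("internet", "dmz", SSL_C2S))   # SSL only; 5222 is never added here
    return rules


def policy_violations(rules) -> list:
    """Report rules that break the FAQ's invariants (sorted for stable output)."""
    problems = []
    for r in rules:
        if r.src_zone == "internet" and r.port == PLAIN_C2S:
            problems.append(f"plain (non-SSL) client port {r.port} exposed to the internet")
        if r.port not in JABBER_PORTS:
            problems.append(f"port {r.port} is not a Jabber port; inbound should be 5222/5223/5269 only")
    return sorted(problems)


def host_filter(rules) -> dict:
    """Per-host inbound filter for the TIMP box: allow only the Jabber ports the
    rules need and drop everything else (the FAQ's 'avoid all inbound connections but ...')."""
    allowed = sorted({r.port for r in rules if r.port in JABBER_PORTS})
    return {"allow_inbound_tcp": allowed, "default": "drop"}


if __name__ == "__main__":
    deployment = plan_rules("dmz", federate=True, external_clients=True)
    for r in sorted(deployment, key=lambda r: (r.src_zone, r.port)):
        print(f"{r.src_zone:8} -> {r.dst_zone:4} tcp/{r.port}")
    print("violations:", policy_violations(deployment))
    print("host filter:", host_filter(deployment))
    # A mistaken rule set that also opens 5222 to the internet is caught:
    bad = deployment | {Rule("internet", "dmz", PLAIN_C2S)}
    print("violations:", policy_violations(bad))
```

The model deliberately has no way to produce an internet-sourced 5222 rule; the check exists for rule sets that were written by hand or pulled from an existing firewall, which is where that mistake actually appears.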

6) If TIMP is in the DMZ and we have a number of server components and clients that sit on the server offering Jabber services, where is the best zone to place these applications: safe zone or DMZ?

It depends on the component, but in general it is safe to have client IM programs in the safe zone, as well as services. TIMP takes care not to deliver big messages (>1MB), which makes it very unlikely that a buffer overflow could happen in a component/client. Of course this does not protect against programming errors.