I am putting an AD server in our DMZ so a client can quarry the domain tree. They only need to be able to get user and group info. I was looking into AD LDS (used to be known as ADAM) to provide this functionality.
So my question is would this be a best practice for remote domain queries?
If so how to you keep an AD LDS in sync with AD all the time?
How do i setup AD LDS so it is only updated from the domain?