
AD Lightweight Directory Services - can I use it for Secure LDAP in this scenario?

Asked by fieldj (United Kingdom of Great Britain and Northern Ireland)
* LDAP
* Active Directory

We are in the process of moving to a new 3rd party externally hosted spam filter.  The new spam filter will allow our users to manage their own spam via a portal which they will log on to via a secure LDAP connection.

We have 3 x Domain Controllers.

In order to make the secure LDAP connection we would need to give one of our DCs a public IP address and then allow the spam filter's IP addresses through the firewall and open port 636 (secure LDAP). I don't feel particularly comfortable with making one of our DCs public facing (even if it is locked down to specific IPs) and would like to look at alternatives.

My initial thought was to perhaps create a Read Only DC and use this instead.  However, while researching this I came across the possibility of using AD Lightweight Directory Services.

I am not too familiar with AD LDS so I am not 100% sure if I can use it in this scenario. If I install AD LDS on a server, will I be able to use this server for secure LDAP to the third party and will it keep replicating/updating from my production AD environment?

