AD Lightweight Directory Services - can I use it for Secure LDAP in this scenario?

Hello,

We are in the process of moving to a new 3rd party externally hosted spam filter.  The new spam filter will allow our users to manage their own spam via a portal which they will log on to via a secure LDAP connection.

We have 3 x Domain Controllers.

In order to make the secure LDAP connection we would need to give one of our DC's a public IP address and then allow the spam filters IP addresses through the firewall and open port 636 (secure LDAP).  I don't feel particularly comfortable with making one of our DC's public facing (even if it is locked down to specific IP's) and would like to look at alternatives.

My initial thought was to perhaps create a Read Only DC and use this instead.  However, while researching this I came across the possibility of using AD Lightweight Directory Services.

I am not too familiar with AD LDS so I am not 100% sure if I can use it in this scenario.  If I install AD LDS on server, will I be able to use this server for secure LDAP to the third party and will it keep replicating/updating from my production AD environment?

Thanks
fieldjAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andy MIT Systems ManagerCommented:
Not sure that ADLDS will be best for this scenario as I believe you can still write data to it. You're better off with a Read Only Domain Controller in a DMZ.
fieldjAuthor Commented:
Thanks for the reply, I would appreciate if there are any other views on this?
Shaun VermaakTechnical SpecialistCommented:
We are in the process of moving to a new 3rd party externally hosted spam filter.  The new spam filter will allow our users to manage their own spam via a portal which they will log on to via a secure LDAP connection.
Which spam filter. Most have an option for ADFS, use that instead.
Price Your IT Services for Profit

Managed service contracts are great - when they're making you money. Yes, you’re getting paid monthly, but is it actually profitable? Learn to calculate your hourly overhead burden so you can master your IT services pricing strategy.

fieldjAuthor Commented:
EveryCloud - I dont believe ADFS is an otpion
Shaun VermaakTechnical SpecialistCommented:
Please share the configuration document that mentions the steps in the question, I do not see it within the documents on EveryCloud's website.
fieldjAuthor Commented:
I will close this ticket as we are no longer looking at this option.
fieldjAuthor Commented:
.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
LDAP

From novice to tech pro — start learning today.