AD RODC VS AD LDS
So I am looking at a new cloud solution to replace the Microsoft Spam Gateway. I want to allow the users to not have to manage different accounts and passwords, so there is a setting that allows syncing with LDAP.
I went down the path of looking at configuring a server in the DMZ running AD Lightweight Directory Services to try to replicate the domain objects to this server. Spent about 3 days working and reading articles about how to configure AD LDS with AD DS but ran into error after error after error. After conversations with my boss about changing paths, I decided to change paths and go with an AD RODC.
I started configuring the read-only domain controller in the DMZ and, after making a few firewall changes and configuring SSL certs, 10 hours later I had a working LDAP solution for the cloud spam gateway appliance to connect securely.