Dear all,
Thanks for your help first.
Current environment:
-Windows server 2008 AD (FFL and DFL is 2008r2)
Right now we've some vendors will provide some applications to our internal users, we would like to utilize our AD user account to login their application, of course their application should support native AD connection.
I google and find some options:
- setup ADFS, application need to support this
- setup Read Only AD for external application to connect
- setup ADLDS for external application to connect
- setup ADMT server for external application to connect
Our requirement if possible:
- do not want to sync all users a/c to above server, only sync specific users if possible
- sync only some user attribute if possible
- do not want to sync password if possible because this will have time lap between password got sync
We prefer to use ADFS for those application support it, for those application do not support ADFS, we will provide a Directory Service for it to connect but which options is the best according to our requirement?
Any recommendation and suggestion on our situation and requirement?
Thanks again.
Patrick