Channel: Directory Services forum

Direct LDAPS connectivity into internal Active Directory


Hi all,

I am looking at a solution which includes 3rd party access into the internal AD environment directly via LDAPS.  The connection is external and via the internet.  The purpose of the connection is for AD authentication to allow a piece of software to extract data from it.

I'm not too happy with having direct connectivity into our AD from the outside like this and was wondering if this was something which is common elsewhere and has a valid technical reason i.e. just port 636 used, encrypted, etc.

Alternatively, what other options are reasonably available?  I'd rather not have an RODC on the perimeter as this exposes the whole AD externally, even if it is read only, for what is essentially a small data extract requirement.  Considering ADFS but I'm not yet too conversant with it and was hoping for a little advice.

Does anyone have any pros and cons they can think of between authenticating directly via LDAPS as opposed to the other available options?

Thank you all in advance.

Regards,
Martin



