Should I go for ADFS 2.0 or a AD LDS RODC solution


I have been reading a bit on ADFS 2.0 and Active Directory LDS / Read-Only Domain Controller and I am a bit confused.

What I need is the following.

We have quite a few web services like OwnCloud, Target Process, SysAid Helpdesk systems where we can integrate these services with our internal Active Directory. I now need to move these services to our DMZ and preserve the AD integration.

As I understand it, with RODC / AD LDS I need to make a few holes in our firewall both ways to make this work. (Not fond of this.)

With ADFS 2.0 I have two federation servers that communicate through SSL certificates back and forth.

What I am not sure about is if ADFS works with the typical AD integration / authentication our services can be configured for (SSL / port 389 communication against a Domain Controller).

Does anyone know if you can make the standard / typical LDAP authentication against an ADFS 2.0 proxy server?

(My reason for looking at ADFS is that we also make use of Office 365, where it is recommended to use ADFS, though we still don't do this.)

Edited by MrStaun Friday, February 15, 2013 9:48 AM
Friday, February 15, 2013 9:38 AM