I need to setup LDAPS on our 2003 AD server and wanted to get some clarification. For the FQDN, do I assign the SSL that I want as a domain name that an outside vendor can communicate with? For example: We own domain.com however our AD forest is domain.local. Would the FQDN be ldaps.domain.com or ADSERVER01.domain.local? Do I need to purchase from a SSL certificate from a vendor? Thanks,

Here's a great reference: http://support.microsoft.com/kb/321051 If this is for the server certificate then for sure include the domain.local otherwise internal communications will break. How will the LDAPS service be presented outside your network? Through a load balancer?

Here's a great reference: http://support.microsoft.com/kb/321051 If this is for the server certificate then for sure include the domain.local otherwise internal communications will break. How will the LDAPS service be presented outside your network? Through a load balancer?