I am setting up an Active Directory Lightweight Directory Service (ADLDS) server to give a partner limited access to our directory without giving them access to the entire Active Directory. Setting up ADLDS looks pretty easy.
What I can't find is information on how to best replicate limited data out of Active Directory into an ADLDS data store. Can this be done with standard AD Replication, or must I use a more invasive technique, such as Microsoft Identity Integration Server?
MS recommends using ADAMsync to sync data with ADLDS. But in the past ADAMsync has had problems with aging; see KB927053. So I ended up writing a custom script to do the syncing for me.
I have no idea if the aging issues have been fixed with the switch to ADLDS.
Update:
These were written for ADAM but I assume they still apply.
To filter objects you can use an LDAP query in the object-filter field.
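As an added illustration of the object-filter approach described in the answer above (this is not the answerer's script or configuration, and not Microsoft's sample file), here is an ADAMSync configuration that pulls only the user objects from one OU into an AD LDS instance and syncs only the attributes a partner needs. The domain `corp.example.com`, the `Partners` OU, the `svc-adamsync` account, the target partition `dc=partner,dc=local` and the attribute list are all assumed values; substitute your own.

```xml
<?xml version="1.0"?>
<doc>
  <configuration>
    <description>Limited sync of partner-facing users from AD into AD LDS (example, assumed values)</description>

    <!-- "object" mode: ADAMSync compares objects individually, which is the
         least surprising mode when the filter is narrow. -->
    <security-mode>object</security-mode>

    <!-- Source forest and the account used to read from it.  A read-only
         service account is sufficient; it never needs to write to AD. -->
    <source-ad-name>corp.example.com</source-ad-name>
    <source-ad-partition>dc=corp,dc=example,dc=com</source-ad-partition>
    <source-ad-account>CORP\svc-adamsync</source-ad-account>
    <account-domain>corp.example.com</account-domain>

    <!-- Target application partition in the AD LDS instance. -->
    <target-dn>dc=partner,dc=local</target-dn>

    <query>
      <!-- Scope the search to one OU rather than the whole domain. -->
      <base-dn>ou=Partners,dc=corp,dc=example,dc=com</base-dn>

      <!-- The object-filter is a plain LDAP filter.  The default in the
           Microsoft sample, (objectClass=*), would copy every object under
           base-dn.  This filter keeps only enabled user accounts
           (userAccountControl bit 0x2 = ACCOUNTDISABLE, excluded here). -->
      <object-filter>(&amp;(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))</object-filter>

      <!-- Whitelist the attributes the partner actually needs.  Anything
           not listed stays in AD.  Use <exclude> instead if you prefer a
           blacklist, but a whitelist is the safer default for a third party. -->
      <attributes>
        <include>cn</include>
        <include>givenName</include>
        <include>sn</include>
        <include>displayName</include>
        <include>mail</include>
        <include>sAMAccountName</include>
        <include>userPrincipalName</include>
        <exclude></exclude>
      </attributes>
    </query>

    <!-- Map AD users onto AD LDS proxy objects so the partner can bind
         through AD LDS without a copy of the password hash ever leaving AD. -->
    <user-proxy>
      <source-object-class>user</source-object-class>
      <target-object-class>userProxyFull</target-object-class>
    </user-proxy>

    <schedule>
      <!-- Aging removes objects from AD LDS that no longer match the query.
           frequency = run aging every N syncs; num-objects = how many
           objects to age per pass.  0/0 disables aging, which avoids the
           behaviour the answer warns about, at the cost of stale entries
           until you run "adamsync /ageall" by hand. -->
      <aging>
        <frequency>0</frequency>
        <num-objects>0</num-objects>
      </aging>
      <schtasks-cmd></schtasks-cmd>
    </schedule>
  </configuration>

  <!-- Bookkeeping section; ADAMSync fills these in, leave them empty. -->
  <synchronizer-state>
    <dirsync-cookie></dirsync-cookie>
    <status></status>
    <authoritative-adam-instance></authoritative-adam-instance>
    <configuration-file-guid></configuration-file-guid>
    <last-sync-attempt-time></last-sync-attempt-time>
    <last-sync-success-time></last-sync-success-time>
    <last-sync-error-time></last-sync-error-time>
    <last-sync-error-string></last-sync-error-string>
    <consecutive-sync-failures></consecutive-sync-failures>
    <user-credentials></user-credentials>
    <runs-since-last-object-update></runs-since-last-object-update>
    <runs-since-last-full-sync></runs-since-last-full-sync>
  </synchronizer-state>
</doc>
```

Load it with `adamsync /install localhost:389 partner-sync.xml` and run it with `adamsync /sync localhost:389 "dc=partner,dc=local" /log sync.log` (port and file name assumed). Check `sync.log` after the first run to confirm that only the expected objects and attributes were written to the AD LDS partition before you grant the partner any access to it.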