Be careful what you wish for
My university switched to Microsoft's rival last year, presumably using LDAPS ... all fine until a few weeks ago when the SSL certificates expired, without the new ones being accepted. Result: a nice peaceful day and a bit without receiving a single email - though that's probably not quite how most of the users saw it. With that setup, if the link to your authentication server breaks, the whole thing becomes a paperweight until it's all fixed; at least if the sync agent goes down, it's just *changes* that get delayed, rather than disabling the whole service!