Deploying Windows Server AD DS as IaaS (VM) in Azure?

I'm currently seeking some advice and guidance whether deploying additional Windows Server 2019 VM in Azure to run Active Directory Domain Controller / Global Catalog in separate AD sites called 'Azure' is really have any benefits or not?

At the moment my AD domain is just single forest AD, spread across multiple geographical locations throughout Asia Pacific.

Azure AD Connect runs Password Hash Sync to Azure AD, since we are still using Hybrid Exchange 2016-Office 365.

What are the benefits and the caveats when deploying one more AD DS as IaaS in Azure to serve the AD Sites called 'Azure' that is for the IP Subnet of the VNET I peered from Azure to OnPremise?

Solution 1:

If you want to run domain-joined VMs in your Azure virtual network, the best practice is for them to have a "local" Domain Controller (or two) available, running as another Azure VM; otherwise, they will need to reach out to one of your on-premises Domain Controllers every time they need to query DNS or AD (i.e. continuously).

Of course, if you don't want to run domain-joined VMs in your Azure virtual network, having a Domain Controller there would be quite useless.

How to get access to Azure VM image created in one azure account on another?

IIS7 FTP Setup - An error occured during the authentication process. 530 End Login failed

Signed SSL Certificates for server without port 80/443

Can tone ethernet cable into patch panel but it's not working

How to setup Azure traffic manger to switch between a website and a down (maintenance) page, without disruption?

How to fix system state backup error and NTDS VSS (error: 0x800423f4) state [11]?

try to run java wapper "unable to bind listener to any port in the range 32000-32999" [closed]

Why does kube-proxy authenticate to the kube-api-server using service account instead of tls certificate

OCSP setup for Vault

Is it possible to grant a "read everything" role in AWS?

Differential Equation of orbit of a planet