Microsoft Azure Architect Design (legacy) — Question 61

You manage a single-domain, on-premises Active Directory forest named contoso.com. The forest functional level is Windows Server 2016.
You have several on-premises applications that depend on Active Directory.
You plan to migrate the applications to Azure.
You need to recommend an identity solution for the applications. The solution must meet the following requirements:
✑ Eliminate the need for hybrid network connectivity.
✑ Minimize management overhead for Active Directory.
What should you recommend?

Answer options

• A. In Azure, deploy an additional child domain to the contoso.com forest.
• B. In Azure, deploy additional domain controllers for the contoso.com domain.
• C. Implement a new Active Directory forest in Azure.
• D. Implement Azure Active Directory Domain Services (Azure AD DS).

Correct answer: B

Explanation

The correct answer is B, as deploying additional domain controllers for the contoso.com domain in Azure allows you to maintain Active Directory functionality without requiring hybrid connectivity while minimizing management overhead. Option A would still require connectivity to the original forest, and option C would create a new forest which complicates management. Option D, while useful, does not directly address the need for maintaining the existing Active Directory structure.