When syncing your local Active Directory (AD) to Azure, using Microsoft Entra Domain Services is not strictly necessary, but it can be beneficial depending on your requirements. Microsoft Entra Domain Services provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authentication, which can be useful for applications that require these features in Azure.
If your applications do not require these specific features and you are primarily using Microsoft Entra ID for identity management, you may not need to implement Microsoft Entra Domain Services. Instead, you can use Microsoft Entra Connect to synchronize your local AD with Microsoft Entra ID, which allows users to access cloud resources without needing a managed domain.
Ultimately, the decision will depend on the specific needs of your applications and infrastructure. If you need traditional Active Directory features in the cloud, then Microsoft Entra Domain Services would be the right choice. Otherwise, you can manage with just Microsoft Entra ID and Microsoft Entra Connect.
References:
- What is Microsoft Entra Domain Services?
- Microsoft Entra Domain Services for hybrid organizations
- Compare self-managed Active Directory Domain Services, Microsoft Entra ID, and managed Microsoft Entra Domain Services
- Synchronize identities between Active Directory Domain Services (AD DS) and Microsoft Entra ID
- Migrate an on-premises service or daemon application to Azure
- Common use-cases and scenarios for Microsoft Entra Domain Services
- How objects and credentials are synchronized in a managed domain
- What is Microsoft Entra ID?
- Active Directory Domain Services overview in the Windows Server documentation
- Microsoft Entra Connect
- Microsoft Entra self-service password change mechanism
- PowerShell scripts to automate the creation of guest accounts on-premises
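The answer's recommended path of synchronizing on-premises AD with Microsoft Entra Connect is only useful if the sync is actually running: a disabled or suspended scheduler means account disables and password changes made on-premises never reach Entra ID. The following PowerShell is an added example, not code from the answer or from Microsoft, that checks the Entra Connect scheduler on the sync server and then lists synced users whose last sync timestamp is stale as seen from Entra ID. It assumes the ADSync module (installed with Entra Connect) for the first part, the Microsoft.Graph PowerShell SDK with User.Read.All consent for the second, and the $StaleAfterHours threshold is an arbitrary value chosen for the example.

```powershell
# Added example (not from the original answer): verify that Microsoft Entra Connect
# is synchronising on-premises AD to Microsoft Entra ID and flag stale synced users.
#
# Assumptions (not stated on the page):
#  - Part 1 only runs where the ADSync module exists, i.e. on the Entra Connect server.
#  - Part 2 uses the Microsoft.Graph SDK with User.Read.All consent.
#  - $StaleAfterHours is an example threshold, not a Microsoft recommendation.
param(
    [int]$StaleAfterHours = 3,
    [switch]$TriggerDeltaSync
)

# ---- Part 1: scheduler health on the Entra Connect server ----
if (Get-Module -ListAvailable -Name ADSync) {
    Import-Module ADSync -ErrorAction Stop
    $scheduler = Get-ADSyncScheduler

    [pscustomobject]@{
        SyncCycleEnabled    = $scheduler.SyncCycleEnabled
        StagingModeEnabled  = $scheduler.StagingModeEnabled   # a staging server exports nothing
        SchedulerSuspended  = $scheduler.SchedulerSuspended
        SyncCycleInProgress = $scheduler.SyncCycleInProgress
        NextSyncUtc         = $scheduler.NextSyncCycleStartTimeInUTC
        EffectiveInterval   = $scheduler.CurrentlyEffectiveSyncCycleInterval
    } | Format-List

    if (-not $scheduler.SyncCycleEnabled -or $scheduler.SchedulerSuspended) {
        Write-Warning 'Scheduler disabled or suspended: on-premises disables and password changes will not reach Entra ID.'
    }

    if ($TriggerDeltaSync -and -not $scheduler.SyncCycleInProgress) {
        # Delta processes only changes since the last cycle; Initial re-reads everything.
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}
else {
    Write-Host 'ADSync module not found; skipping scheduler check (run Part 1 on the Entra Connect server).'
}

# ---- Part 2: stale synced accounts as seen from Entra ID ----
Import-Module Microsoft.Graph.Users -ErrorAction Stop
Connect-MgGraph -Scopes 'User.Read.All' -NoWelcome

$cutoff = (Get-Date).ToUniversalTime().AddHours(-$StaleAfterHours)

# onPremisesSyncEnabled marks objects that originate from on-premises AD.
$synced = Get-MgUser -All -Filter 'onPremisesSyncEnabled eq true' `
    -Property @('userPrincipalName', 'onPremisesSyncEnabled', 'onPremisesLastSyncDateTime', 'accountEnabled')

$stale = $synced | Where-Object {
    $_.OnPremisesLastSyncDateTime -and $_.OnPremisesLastSyncDateTime -lt $cutoff
}

'{0} synced users, {1} not synced in the last {2} hours' -f $synced.Count, $stale.Count, $StaleAfterHours
$stale |
    Select-Object UserPrincipalName, AccountEnabled, OnPremisesLastSyncDateTime |
    Sort-Object OnPremisesLastSyncDateTime |
    Format-Table -AutoSize
```

Run the script with -TriggerDeltaSync on the Entra Connect server when the scheduler looks healthy but a recent on-premises change has not appeared in the cloud. Treat a stale onPremisesLastSyncDateTime as a prompt to inspect the scheduler and connector run history (Get-ADSyncConnectorRunStatus) rather than as proof that a specific account has drifted, since the timestamp only moves when that object is exported.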