(edit: I just realized that I ended up diving way deeper than the initial question I was going to ask, but I don't see any way to edit the initial question; apologies for moving off topic of the initial thread)
I have a customer who is interested in building servers in Azure and eventually replicating on-prem ADDS in Azure for on-prem failover. They have on-prem applications, and I do not think that Azure AD can help with any failover here. I think these are the 2 phases we are considering:
Phase 1: Set up site-to-site VPN to Azure and build servers that connect to on-prem (no ADDS replication yet). My questions here are:
1) Once the site-to-site is set up, is it pretty simple to launch a Windows server in Azure and connect it to the on-prem domain?
2) Do we need to sync on-prem AD to the Azure portal with something like DirSync in order to log in to Azure Windows servers with current AD credentials? Is Azure AD required here, or can we simply launch Windows servers and authenticate with the current on-prem AD infrastructure through the site-to-site VPN?
3) In order to manage the Azure portal with on-prem AD credentials, do you need to set up Azure AD - i.e., use the DirSync tool to sync up Azure AD? Or, with the site-to-site VPN tunnel, are we able to use on-prem AD creds to log in to the Azure portal without building Azure AD?
Phase 2: Replicate AD in Azure. In phase 2, we would like to replicate on-prem AD in Azure for failover. Is the best way to do this just to build out domain controllers in Azure with the site-to-site VPN implemented, so that if on-prem AD goes down, we can still authenticate through the AD servers in Azure? Do we need to bring Azure AD into this, or can we just build this out on Azure IaaS?
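The two phases sketched above (domain-joining an Azure VM over the site-to-site tunnel, then promoting it to an additional domain controller in its own AD site), as an added PowerShell example that is not part of the original post. All names are assumptions: the on-prem domain corp.example.com with DCs at 10.1.0.10 and 10.1.0.11, an Azure VNet vnet-prod in resource group rg-prod using 10.2.0.0/16, an OU "Azure Servers", a data disk mounted as F:, and a new AD site named Azure-EastUS. Part A runs from an admin workstation with the Az module; Parts B to D run on the Azure VM. It assumes the VPN is already up and routes 10.2.0.0/16 to and from on-prem.

```powershell
# Added example, not from the original post. Assumed names: corp.example.com,
# on-prem DCs 10.1.0.10 / 10.1.0.11, VNet vnet-prod (rg-prod, 10.2.0.0/16),
# AD site Azure-EastUS, data disk F:. Site-to-site VPN assumed already up.

### Part A: from an admin workstation with the Az module (Connect-AzAccount first).
# Point the VNet's DHCP-supplied DNS at the on-prem DCs. Domain join, Kerberos and
# the DC locator all depend on resolving the _msdcs SRV records of the domain.
$vnet = Get-AzVirtualNetwork -ResourceGroupName 'rg-prod' -Name 'vnet-prod'
$vnet.DhcpOptions.DnsServers = @('10.1.0.10', '10.1.0.11')
$vnet | Set-AzVirtualNetwork | Out-Null

### Part B (Phase 1): on the new Azure Windows Server VM, elevated.
$domain   = 'corp.example.com'
$onPremDc = '10.1.0.10'

# Prove the tunnel carries the ports AD needs before attempting a join:
# 53 DNS, 88 Kerberos, 135 RPC endpoint mapper, 389 LDAP, 445 SMB, 464 kpasswd.
# The RPC dynamic range (49152-65535) must also be open; it is not probed here.
foreach ($p in 53, 88, 135, 389, 445, 464) {
    $ok = (Test-NetConnection -ComputerName $onPremDc -Port $p `
              -WarningAction SilentlyContinue).TcpTestSucceeded
    "port $p : $(if ($ok) { 'open' } else { 'BLOCKED' })"
}

# DC locator check: the same SRV records Add-Computer will query.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $onPremDc |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port, Priority

# Join the on-prem domain across the tunnel. No Azure AD or DirSync is involved in
# this path: the VM authenticates against the on-prem DCs through the VPN.
$joinCred = Get-Credential -Message "Account allowed to join computers to $domain"
Add-Computer -DomainName $domain -Credential $joinCred `
    -OUPath 'OU=Azure Servers,DC=corp,DC=example,DC=com' -Restart

### Part C (Phase 2): after the reboot, as a Domain Admin, promote the VM to a DC.
$domain = 'corp.example.com'
$site   = 'Azure-EastUS'
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null

# Give Azure its own site and subnet so Azure clients prefer the Azure DC and
# replication over the tunnel is scheduled inter-site traffic, not intra-site.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
    New-ADReplicationSite -Name $site
    New-ADReplicationSubnet -Name '10.2.0.0/16' -Site $site
    New-ADReplicationSiteLink -Name 'OnPrem-Azure' `
        -SitesIncluded 'Default-First-Site-Name', $site `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# NTDS and SYSVOL must sit on a data disk whose host caching is set to None
# (Azure requirement so the DIT is never served from a write-back cache).
# F: is assumed to be that disk.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Directory Services Restore Mode) password'
Install-ADDSDomainController -DomainName $domain -Credential (Get-Credential) `
    -SiteName $site -InstallDns `
    -DatabasePath 'F:\NTDS' -LogPath 'F:\NTDS' -SysvolPath 'F:\SYSVOL' `
    -SafeModeAdministratorPassword $dsrm -Force

### Part D: verify after the promotion reboot.
repadmin /replsummary
dcdiag /test:replications /test:advertising
nltest /dsgetdc:$domain /site:$site
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IsGlobalCatalog, OperationMasterRoles

# Failover follow-up: re-run Part A with the Azure DC's private IP listed first, so
# Azure VMs keep resolving and authenticating locally if the tunnel or on-prem goes down.
```

The site, subnet and site link are created before promotion so the new DC is placed in Azure-EastUS from the start; without them it lands in the on-prem site and Azure clients will happily authenticate across the tunnel even when a local DC exists. The port probe in Part B is worth keeping as a standing check: a tunnel that passes ping but drops 135 or the RPC dynamic range produces joins that succeed and replication that silently fails.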