Azure Identity Solutions for On-Premises Application Migration

Eliminating Hybrid Network Connectivity: Azure Identity Solution Recommendation

Question

You manage a single-domain, on-premises Active Directory forest named contoso.com. The forest functional level is Windows Server 2016.

You have several on-premises applications that depend on Active Directory.

You plan to migrate the applications to Azure.

You need to recommend an identity solution for the applications. The solution must meet the following requirements:

-> Eliminate the need for hybrid network connectivity.

-> Minimize management overhead for Active Directory.

What should you recommend?

Answers


A. B. C. D.

B

Based on the requirements stated in the question, the most appropriate identity solution for migrating on-premises applications to Azure is Azure Active Directory Domain Services (Azure AD DS). The other options are not recommended because they do not meet the requirements.

Explanation:

Option A: In Azure, deploy an additional child domain to the contoso.com forest. This option would require hybrid network connectivity, as the child domain would need to communicate with the on-premises parent domain. Additionally, this option would increase management overhead for Active Directory, as an additional domain would need to be managed.

Option B: In Azure, deploy additional domain controllers for the contoso.com domain. This option would also require hybrid network connectivity, as the domain controllers would need to communicate with the on-premises domain. Additionally, managing domain controllers in Azure would increase management overhead for Active Directory.

Option C: Implement a new Active Directory forest in Azure. This option would require hybrid network connectivity, as the new forest would need to communicate with the on-premises forest. Additionally, managing a separate forest would increase management overhead for Active Directory.

Option D: Implement Azure Active Directory Domain Services (Azure AD DS). Azure AD DS is a fully managed domain service that provides domain join, group policy, LDAP, and Kerberos/NTLM authentication. It allows on-premises applications that depend on Active Directory to be migrated to Azure without requiring hybrid network connectivity. Since it is a fully managed service, it minimizes management overhead for Active Directory. Therefore, this is the most appropriate solution that meets the requirements stated in the question.

Therefore, the correct answer is D. Implement Azure Active Directory Domain Services (Azure AD DS).