Administering Windows Server Hybrid Core Infrastructure (AZ-800) Practice

The recommended deployment model for an LDAP-aware Line of Business (LOB) application in Azure is to deploy Active Directory Domain Services (AD DS) in both on-premises and Azure virtual machine environments. This approach provides several advantages that are crucial for maintaining identity and access management for applications that rely on LDAP.

By deploying AD DS in both locations, you ensure that there is a consistent directory service available for the application, regardless of where it is hosted. This setup allows seamless authentication and authorization processes for users accessing the application from different locations, which is essential for hybrid environments. It also ensures that directory synchronization can take place, allowing for up-to-date user and group data between the on-premises environment and Azure.

Furthermore, this model supports failover and redundancy options, as the application can continue to function using the local (on-premises) AD DS if the Azure-hosted service is temporarily unavailable. This redundancy increases the availability and reliability of your LOB applications.

In contrast, solely deploying AD DS on an Azure VM creates a single point of failure and limits the application's accessibility and performance for users connecting from the on-premises environment. Deploying a separate AD forest would complicate trust relationships and integration, making it less ideal for applications needing LDAP access