Exam SC-100 topic 3 question 20 discussion

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/overview

Azure AD DS is a managed service that provides domain services such as domain join, group policy support, and LDAP and Kerberos-based authentication for cloud-based applications. It allows you to use your Azure AD directory as a managed domain without the need to set up, maintain, and secure an on-premises domain controller. This can help reduce the administrative effort required to maintain the infrastructure and ensure that the legacy applications continue to function as expected. Other identity services, such as Azure Active Directory (Azure AD) or Azure Active Directory (Azure AD) B2C, may not be as suitable for this scenario because they do not provide the same level of support for legacy applications that rely on LDAP and Kerberos-based authentication. Similarly, using an on-premises Active Directory Domain Services (AD DS) instance would require maintaining additional infrastructure and may not be as cost-effective or efficient as using a managed service like Azure AD DS.

B is the answer. https://learn.microsoft.com/en-us/azure/active-directory-domain-services/overview Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud. An Azure AD DS managed domain lets you run legacy applications in the cloud that can't use modern authentication methods, or where you don't want directory lookups to always go back to an on-premises AD DS environment. You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud.

Azure Active Directory (Azure AD) supports this pattern via Azure AD Domain Services (AD DS). It allows organizations that are adopting a cloud-first strategy to modernize their environment by moving off their on-premises LDAP resources to the cloud. The immediate benefits will be: Integrated with Azure AD. Additions of users and groups, or attribute changes to their objects are automatically synchronized from your Azure AD tenant to AD DS. Changes to objects in on-premises Active Directory are synchronized to Azure AD, and then to AD DS.