Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid configuration of Azure Active Directory (Azure AD).
You have an Azure HDInsight cluster on a virtual network.
You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.
You need to configure the environment to support the planned authentication.
Solution: You deploy Azure Active Directory Domain Services (Azure AD DS) to the Azure subscription.
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.B
Instead, you connect HDInsight to your on-premises network by using Azure Virtual Networks and a VPN gateway.
Note: To allow HDInsight and resources in the joined network to communicate by name, you must perform the following actions:
-> Create Azure Virtual Network.
-> Create a custom DNS server in the Azure Virtual Network.
-> Configure the virtual network to use the custom DNS server instead of the default Azure Recursive Resolver.
-> Configure forwarding between the custom DNS server and your on-premises DNS server.
https://docs.microsoft.com/en-us/azure/hdinsight/connect-on-premises-networkThe proposed solution of deploying Azure Active Directory Domain Services (Azure AD DS) to the Azure subscription may meet the goal of allowing users to authenticate to the Azure HDInsight cluster by using their on-premises Active Directory credentials, depending on the specific configuration and requirements of the environment.
Azure AD DS provides managed domain services, such as domain join, group policy, LDAP, and Kerberos/NTLM authentication that are fully compatible with Windows Server Active Directory. By deploying Azure AD DS, a domain controller is created in an Azure virtual network, allowing the on-premises Active Directory domain to be extended to the Azure environment. This enables Azure resources, such as the Azure HDInsight cluster, to be integrated with the on-premises Active Directory environment.
However, there are several considerations to keep in mind when deploying Azure AD DS:
Cost: Azure AD DS is a premium feature of Azure AD and has associated costs. You will need to ensure that the benefits of the solution outweigh the cost.
Network connectivity: Azure AD DS requires connectivity between the Azure virtual network and the on-premises network where the Active Directory domain is located. This connectivity can be established through a VPN or ExpressRoute.
Domain configuration: The on-premises Active Directory domain must be properly configured to allow Azure AD DS to extend the domain to the Azure environment. This may require adjustments to the domain configuration, such as enabling replication to Azure AD DS.
In summary, while deploying Azure AD DS may meet the goal of allowing users to authenticate to the Azure HDInsight cluster by using their on-premises Active Directory credentials, it is important to carefully evaluate the cost and network and domain requirements before implementing this solution.