Azure AD Domain Services helps you to move your on-premise applications, depending on traditional authentication methods, such as Kerberos and NTLM, to the cloud. This cloud-based service allows you to join your IaaS virtual machines to a managed domain without the need to provide domain controllers on virtual machines. With this solution, you can integrate your applications directly in your Azure Active Directory services and benefit from the rich feature set. With the synchronization of the Azure AD users to Azure AD DS, you can use identities to provide authentication and authorization. You're also able to connect by Lightweight Directory Access Protocol (LDAP/S) to the directory service.
The following diagram shows the integration scenario, from the perspective...