
Azure Active Directory Domain Services Capabilities and Limitations.


Here are the capabilities and limitations of Azure Active Directory Domain Services that you need to consider when deciding how to run Active Directory in the cloud.

Managed service
Azure AD Domain Services domains are managed by Microsoft. You do not have to worry about patching, updates, monitoring, backups, and ensuring availability of your domain. These management tasks are offered as a service by Microsoft Azure for your managed domains.


Secure deployments
The managed domain is securely locked down as per Microsoft’s security best practices for AD deployments. These best practices stem from the AD product team's decades of experience engineering and supporting AD deployments. For do-it-yourself deployments, you need to take specific deployment steps to lock down/secure your deployment.

Cloud Based Enterprise Directory [ Microsoft ]


Until now, there has been only one way to put a fully capable Active Directory in the cloud: create an Azure VM in Azure IaaS and configure it as a domain controller. But that requires a different set of ‘cloud credentials’ to log in to and administer VMs in the cloud, and it is limited to that VM only. To go to the next level, you can configure an AD trust relationship with your on-premises AD environment over a VPN or ExpressRoute connection. Then you can join the virtual machines to your domain, and user authentication will happen over that VPN or ExpressRoute connection to your on-premises directory.

There are only a few benefits in doing this.

1. You extend your Active Directory to the cloud.
2. On-premises Active Directory will replicate to the Active Directory on the Azure VM over the VPN/ExpressRoute connection.
3. You can join your Azure VMs to the domain and manage them.
4. You can use each and every Active Directory feature in the cloud, such as Domain Join, Group Policy, LDAP Bind/Read/Write and Kerberos/NTLM authentication.