What if I don't place #domain_controllers in #Azure?
When the client asks you, "Why is it mandatory to place my #domain_controllers in #Azure?",
you have to ask this question: "What if I don't place #domain_controllers in #Azure?"
Consider if I'm hosting important services in #Azure that are integrated with my #Active_Directory.
- If my ExpressRoute link goes down, or my site-to-site VPN goes down, those services can no longer contact Active Directory.
- So what would happen? Some services may carry on working for a short duration because they have a certain amount of cached information. Others will just stop functioning, and at that point, you have to make a decision. You have to try and get past this trust issue, because that's all this really is. This is just a trust issue.

There are a few cost elements.
- If I don't place domain controllers in Azure, then any authentication, any traffic, will be going over my link, so there will be a certain amount of egress.
- I pay for egress. So I will pay for data going from Azure to my on-premises domain controllers. If I put #domain_controllers in #Azure, I won't have that cost of traffic flowing to on-premises for normal authentication, etc.
- But I will pay for replication traffic. Changes originating in #Azure will have to be sent to on-premises so they can replicate out. So there'll be different types of costs.
- How do I really make the decision? If the services in Azure were hosted in an on-premises location, would you place a domain controller there? If the answer is yes, whether because of the criticality of the service if the links went down or just for performance, then you should be placing a domain controller in Azure.