If you have an Office 365 or Windows Azure subscription you can integrate on-premises Active Directory domains with Azure Active Directory.
Azure Active Directory (Azure AD) is a cloud-based multi-tenant directory and identity service. This reference architecture from Microsoft shows best practices for integrating on-premises Active Directory domains with Azure AD to provide cloud-based identity authentication.
Related technology: Installing Microsoft Azure Active Directory Module for Windows Powershell
This exposure focus on Azure AdConnect Architecture having the following components:
Azure AD tenant. An instance of Azure AD created by your organization. It acts as a directory service for cloud applications by storing objects copied from the on-premises Active Directory and provides identity services.
Web tier subnet. This subnet holds VMs that run a web application. Azure AD can act as an identity broker for this application.
On-premises AD DS server. An on-premises directory and identity service. The AD DS directory can be synchronized with Azure AD to enable it to authenticate on-premises users.
Azure AD Connect sync server. An on-premises computer that runs the Azure AD Connect sync service. This service synchronizes information held in the on-premises Active Directory to Azure AD. For example, if you provision or deprovision groups and users on-premises, these changes propagate to Azure AD.
VMs for N-tier application. The deployment includes infrastructure for an N-tier application. For more information about these resources, see Run VMs for an N-tier architecture.