I'm after some expert advice on the options I have for setting up a new on premises Windows 2016 standard server with active directory.
The server has been installed to manage Operational Technology such as heating, ventilation, lighting and power monitoring systems. All of this equipment sits on its own network, away from the corporate network. There is one physical server running W2016, hosting 2 VMs only. There are 4 other Windows machines on the network acting as kiosks for building managers to see the status of the building systems.
Previously I had a local domain configured on W2008, but the FSMO holder went corrupt and, although I can restore from a backup, I've been exploring setting up the new 2016 server on Azure AD to simplify things and remove the need for me to manage an on-premises domain controller, handle its backups, fix any issues that arise on the AD, etc. I'd also have to buy another Standard server license to host another VM for the domain controller, as the existing 2 licenses are used and I don't want the host being the domain controller. DNS might have to stay on-premises, which may be the deal breaker.
So my question is, should I use the free Azure AD on the new server to manage users and folder security, or is it designed to work with an existing on-premises AD? I'm hoping to scrap my local AD and start afresh on Azure AD, and join the VMs and kiosk PCs to the Azure AD with no on-premises services at all.
All advice welcome.