Microsoft now has the ability to have domain controllers as a service, this is useful if you want to host legacy applications running in Azure, or in our case our private cloud. We battled for a while getting single signon to work with Power BI Server and SSRS, and we were about to log a fault with Microsoft when we stumbled across this;
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/deploy-kcd
This highly resilient and manage service is great and low cost, it isn’t as fully extensible as unmanaged AD services. When trying to configure the delegation we hit the error “Access is denied” The link above was paramount in us finally solving the issue.
