We are seeking to leverage HD Insights + Enterprise Security Package across a variety of high-security projects. However, the current dependency on AAD-DS is a major blocker to adoption due to:
- Allow Azure AD Domain Service in Multiple Virtual Networks
(https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31351027-allow-azure-ad-domain-services-in-multiple-virtual)
- Provide AAD-DS Support for Geo Dispersed Deployments
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/33618100-provide-aad-ds-support-for-geo-dispersed-deploymen
- AAD-DS requirement for password sync
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-getting-started-password-sync

This request is to modernize HDI authentication to support modern/claims-based/federated auth (SAML/OAuth/OIDC)
and remove the requirement for DS and specifically AAD-DS.

Related Feature Requests:
HDInsight PaaS integration with IaaS AD – This would allow us to overcome the limitations of AAD-DS
(https://feedback.azure.com/forums/217335-hdinsight/suggestions/35018089-hdinsight-paas-integration-with-iaas-ad)