On the good side, if an unplanned failure occurs and the VM that contains Active Directory running in Azure has to be service healed and is shunted back in time slightly, there will not be any corruption. On the bad side, if the VM running Active Directory was deprovisioned (removed from the Azure fabric) and then reprovisioned, the VM would get a new VM-GenerationID and cause Active Directory to go into the panic mode. You don’t want this to happen frequently