MicrosoftJohnGallucci - that's a bit more tricky because of the way a PublicIP works (the easy answer is "you would do the same as in Azure"). From "inside the VM" you don't really "see" the PublicIP. You would need to use the PrivateIP + a S2S connection to get back onprem (since your DCs would be in a Cloud environment now)...plus, not sure how ADDS would behave not being able to bind to the PublicIP.
In the scenario where you still have some services outside of AzStack, you should probably create a S2S between them - something in the lines of https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-extend-domain (at least for the DC replication part and have the rest of the traffic over Public IPs).
Of course, this is a case by case thing and you need to understand the scenario properly, with all the dependencies, in order to design a good solution (so the solutions can vary)
