If you launched an AD extension type deployment and want to decommission the on-prem servers, keep the following things in mind. Your FSMO roles may still be hosted on your local domain controller. To check what server holds the roles you can run the following command in an elevated Powershell or Command prompt window:

The output should look something like this:

If the output points to one of your new domain controllers then you can skip this part but if they are pointing to your old on-prem domain controllers then you will need to run the following command to move the roles over.

If the domain controller is already offline and the roles were not transferred, you can run the previous command with the "-Force" option to seize the roles:

After the FSMO roles are transferred to the new domain controller, gracefully demote the old domain controllers from your active directory. You can do this through the Server manager, Powershell or Command prompt. 

Once the domain controllers have been demoted go ahead and remove them from the domain. Update any local devices DNS servers so they can still resolve domain resources and authenticate with it.

If you don't need connectivity to the Active directory from your on-prem location, or if the old domain controllers were located in a data center and that site will no longer be used, you can remove the VPN connecting the two locations. If you intend to have users log into the domain using their local devices as they did before, or will need to use network devices such as printers, then please leave the VPN in place.