Domain controllers

The domain controller is a computer that runs a Windows Server operating system and holds the Active Directory Domain Services role. It can be either a physical server or a virtual server.

Virtualized domain controllers are not suited to every infrastructure. I have seen some engineers host domain controllers in a virtualized environment while the build of that same virtualized environment (cluster) uses the same domain. If the virtualized domain controllers go down with the cluster, authentication will not work either. In such an environment, physical domain controllers are important for a reliable identity infrastructure.

The domain controller holds the directory partition that will be replicated to the other domain controllers in the same domain. The domain can have any number of domain controllers. The number of domain controllers depends on the enterprise's size, geographical placement, and network segmentation. Windows NT used multiple domain controllers but maintained a single-master schema. This means that directory changes could be made from a specific domain controller only. After Windows 2000, there has been support for multi-master mode: any object-level (directory service-related) change made on one domain controller will be replicated to all other domain controllers. That said, some Active Directory-related operations can be changed only by the designated operations master role owner (FSMO roles).

Before Windows 2000 domain services, one of the domain controllers acted as the primary domain controller (PDC) and all other additional domain controllers were called backup domain controllers (BDCs). Some people still use this terminology to describe the operations of the domain controllers in the infrastructure. But after Windows Server 2000, the only difference between domain controllers was whether they were a Flexible Single Master Operation (FSMO) role holder or a global catalog server. Some documentation lists read-only domain controllers and read/write domain controllers as two different categories, but for me it's an operational change rather than a category. Read-only domain controllers are used with specific administrative requirements when you do not trust the security of the domain controller.
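
The differences described above (FSMO role holder, global catalog server, read-only versus read/write) can be listed for each domain controller in a domain. The following is an added example, not code from the original text; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and the session runs on a domain-joined machine, and the function names `Get-DomainControllerRoleReport` and `Get-FsmoRoleOwner` are hypothetical.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# Hypothetical helper: one row per domain controller with the attributes
# that distinguish it from its peers.
function Get-DomainControllerRoleReport {
    [CmdletBinding()]
    param(
        # Domain to inspect; defaults to the current user's DNS domain.
        [string]$Domain = $env:USERDNSDOMAIN
    )

    foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
        [pscustomobject]@{
            Name            = $dc.HostName
            Site            = $dc.Site
            OperatingSystem = $dc.OperatingSystem
            # Read-only domain controller versus read/write replica.
            ReadOnly        = $dc.IsReadOnly
            GlobalCatalog   = $dc.IsGlobalCatalog
            # Empty for most domain controllers; only operations masters hold FSMO roles.
            FsmoRoles       = ($dc.OperationMasterRoles -join ', ')
        }
    }
}

# Hypothetical helper: which domain controller currently owns each FSMO role.
function Get-FsmoRoleOwner {
    [CmdletBinding()]
    param([string]$Domain = $env:USERDNSDOMAIN)

    $d = Get-ADDomain -Identity $Domain
    $f = Get-ADForest -Identity $d.Forest
    [pscustomobject]@{
        # Forest-wide roles
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
        # Domain-wide roles
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
    }
}

$report = @(Get-DomainControllerRoleReport)
$report | Sort-Object Site, Name | Format-Table -AutoSize
Get-FsmoRoleOwner | Format-List

# Summary of writable replicas, read-only replicas, and global catalog servers.
'{0} writable, {1} read-only, {2} global catalog' -f `
    @($report | Where-Object { -not $_.ReadOnly }).Count,
    @($report | Where-Object ReadOnly).Count,
    @($report | Where-Object GlobalCatalog).Count
```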