Domain controllers

The domain controller is the most important physical component of AD DS. Each domain controller contains a copy of the AD DS database and the SYSVOL folder. The domain controller uses multi-master replication to copy changed data from one domain controller to an other. As a replication mechanism, Windows Server 2016 can only use Distributed File Systems (DFS). The File Replication Service (FRS), which was used in earlier versions of Windows Server, was deprecated in Windows Server 2016.

Domain controllers host the Kerberos authentication service, which is used when a user or a computer account needs to sign in to the domain. The Key Distribution Center (KDC) issues the ticket-granting ticket (TGT) to the account that's signing in to the AD DS domain. Each domain controller can host a copy of the global catalog.

It's highly recommended that each domain has at least two domain controllers for availability purposes.