G->TechLink: G->Pointer's Technology Link

By default a domain controller is a read/write domain controller. So, it can be used to authenticate against it, but also to e.g. set a new password. That password will then be replicated out to other domain controllers on your network. Why would you need a read-only domain controller now? In short: for security reasons (not performance, availability, ...). The assumption is that remote offices will be less secured than the company headquarters for many reasons (e.g. reducing IT costs on security). As such it is handy to have a local domain controller that clients can use to authenticate on-site. Yet, those should not be allowed to replicate data back to the central system, as they are assumed to be more vulnerable to attacks and breaches than the (hopefully) fortified HQ. Sources: Introduction to Active Directory Infrastructure in Windows Server 2012 @ ~20:00

Quite moderate minimum requirements for the basic hardware requirements, but depending on usage (as always) the more RAM the better. Processor Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3GHz (Dual Core) Memory Minimum: 512 MB RAM Disk Space Requirements Minimum: 32 GB or greater Usually the question also goes hand-in-hand with the other tasks that machine can perform: "There are certain roles that typically get folded in with the domain controller in all but the biggest networks (e.g. DNS/DHCP/WINS/Cert Server) with little harm." "There are some that get folded into a DC and will cause performance issues on all but the smallest networks (e.g. File Server/intranet server/WDS Server) but these issues are probably manageable depending on load. These previous two classes of role are a case of a balancing act, how concerned you are about performance on your DCs vs. the resources you have available to provision your network. It's b...