1st PDC is enough (it is possible to make 1 more cd for reading). KD raise at home (at the main branch), connect branches to vpn.

everything depends on the reliability and width of communication channels, as well as the logical connection of branches to the main office, what resources are used?
if the branch is isolated and largely independent, then organize a full-fledged infrastructure there.
if all activity is tied to software that runs in the main office, then it makes no sense to keep a thread there
, and as I wrote above, we impose communication channels on it.

That's right - when requests to the DC do not slow down :) If a small number of requests come from the branch and the communication channel is wide and fast, it makes no sense to make a separate DC. If the communication channel is thin - it makes sense to raise the DC even for a dozen machines - the DC itself is not resource-intensive, it works fine on a virtual machine with modest parameters. If the branch has its own database or mail or its own proxy for tyrnet, then definitely raise your DC, because all this can slow down with a weak channel ... strongly :)
A typical branch structure is a router / VPN / firewall (cisca, mikrotik), behind it is a host with a DC / file cleaner / database / mail / proxy (here everyone is perverted in different ways) and user cars. Why? The branch, especially if it is a salesman, should work even if there is no tyrnet, and if 1C is up at the boo, that's it, no shipments-> no money :(

I'll add to the above - read about RoDC - read-only domain controller.

There is no correct answer here. You can go very different ways. Of course, it would be nice to put AD configured as a division in each branch. Another question is whether it is justified? Although at the moment, the system requirements for AD are not very high. Those if there is still life there, you need a File dump, etc., then it would be logical to put AD. By the way, the file dump can be configured as branchcache. If there are just remote employees with laptops, then I would probably set up VPN SSTP, which will automatically establish a connection with the office and with AD in particular on any network connection. You can go through the creation of VDI (Virtual Desktop Infrastructure), etc. etc.