1) Azure is just a cloud platform. Think of it as a virtualization tool. That is, you simply create virtual machines there and deploy your services there, and that's it.
2) And what about the terminal server? Want to transfer to the cloud - transfer. If you don't want it, keep it. What is the question?
3) Licenses are a dark subject... :-)
4) The domain controller should be left at home anyway. You never know - communication problems, all that. To avoid problems with user login. On this productive server, deploy Hyper-V, in it - a virtual domain controller, well, and something else, to taste.

For replication, there must be a physical domain controller.
ps it can be made "at home" and
there will be no problems with virtual settings to transfer it from physical virtual to physical media.
If I were you, I would not post the domain, reliability, what's stopping you from doing it "at home" in the "public" network.
access from anywhere in the world, you can not protect?
read my friend about ssl certificates and authorization on them.
this will not make your task easier, they will not give you normal throughput speeds, as far as resources are concerned, they will be limited.
I can advise the following:
the first thing you need is protection
from a simple, not expensive, get dirty, take it to a new level
you raise it to unix - the access filtering server - it will act as a firewall,
then you zanet the entire network - so that it is not physical, but virtual.
I'll give you a hint, the mask should be 255.255.0.0 - access will only be to a public network, i.e. from the outside you will not pick up, you will think how to connect. I don't want to be more specific, and I've said quite a lot.
What I say lastly Azure is a bonal network of virtual machines and that's it.