You can skip this section if your domain topology only has one site
AD DS organizes networks in logical sites that ensure that redundant services are reachable via least-cost routes.
It is, normally, recommended to have at least one domain controller in each AD site. you can have sites without domain controllers, but user logins will be slow if there is considerable network latency between the sites.
A good read on AD topology can be found within Microsoft Docs.
As a rule of thumb, as with domain controllers, you should have at least one SystoLOCK Server in each site. Since SystoLOCK Servers store their data in Active Directory, that data will be replicated from site to site, according to intersite replication schedule.
It is recommended to install at least one SystoLOCK Server per domain controller. So following this recommendation and having at least one domain controller in each site, will ensure smooth operation under most circumstances.
In certain scenarios, where you have CA servers in one site and user objects in a different site, replication delays (typically 15 minutes) might cause login problems to the freshly provisioned users until their data is replcated to the site where CA is installed. Once the replication is complete, the problem should be gone.