• AD is distributed, living on multiple servers, so I'm not sure what you're getting at with the AD database.

    Lots of people do run DNS/AD DC (domain controllers), and DHCP on the same box, but there are a few of them. In one environment, we had 4 or 5 DNS servers (not dedicated) and over a dozen DHCP servers. Add in print servers and file servers, and we can easily be talking 2-3 dozen servers in a large environment.

    We use VMs? Part of that is being able to separate off services to separate Windows instances, perhaps for compatibility, perhaps because departments want their own server (political reasons).

    As you move to dedicated machines for certain functions, say an app to handle door security, maybe one for network config software, maybe one for filtering software, you can end up with a proliferation of machines that don't really need a full physical server, but require separation from other apps for some reason. Might be as simple as an ignorant vendor that won't provide support unless it's on its own Windows instance.

    VMs make sense. Not everywhere, and not for all production systems, but they make sense.