Hello DaveC,
As far as I know, there is no single document that contains a "direct" answer to your question.
Section 3.3.1.1 Account Database Extensions of [MS-KILE] contains the text
- Secret keys: KILE implementations that use Active Directory for the account database use the supplementalCredentials attribute ([MS-ADA3] section 2.287).
[MS-ADA3] ultimately references [MS-SAMR] for a full description of supplementalCredentials.
There are tools that can dump the contents of supplementalCredentials. One example of such a dump, using a tool created by Michael Grafnetter, can be seen here: https://www.dsinternals.com/en/retrieving-active-directory-passwords-remotely/
Even neglecting the question of key history, there is no single number as answer to your question - it depends on other settings. If digest authentication is enabled, for example, then 29 hashes are stored just to support that.
Gary