We have a datacenter with a lot of stuff and a domain over there. We have a different domain at our corporate office and Exchange. We are considering moving Exchange to the datancenter which is fine and it could find a DC over the VPN.
My concern is when people at corporate log in I never want them to authenticate over the VPN. I also would want Exchange to check the local DC first then go over the VPN if needed. I know this could be done with sites but I am not comfortable with setting that up.