WIZU2

asked on

AD subnets VPN

I need to set up a remote location that authenticates AD to the DC at the main office. There is no on-site DC. I have the VPN set up to the remote office. On the firewall I have DHCP giving the secondary DNS as the main office DC. Should this work? Do I need to add anything about the co-location's subnet at the DC in the main office?
Julian123

I'd recommend the following:
1. Ensure your primary DNS server is an AD-integrated DNS server in addition to your secondary. Typically, folks use DCs as DNS servers but this isn't required (it could be an AD-integrated DNS server that isn't also a DC). The best practice is that the DNS server has all the records used by workstations to find domain controllers to authenticate and having DNS be AD-integrated helps ensure that will happen.
2. Set up your AD sites and services subnet to associate the subnet used by the remote office with the DC at the main office. This ensures that machines in that remote office will connect to the DC(s) in the main office and not some other DCs that could be in another remote office (if you have one).
Thanks!
WIZU2 (ASKER)

I know how to add the additional subnets, but how do you make it associate?
ASKER CERTIFIED SOLUTION
N-W
(This solution is only available to members.)
Sandesh Dubey
Also ensure correct DNS settings on the DC/clients, as in this:

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

To associate the subnet with a site see this:
http://www.activewin.com/win2000/step_by_step/active_directory/adsites.shtml
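A worked example of the subnet-to-site association recommended above (step 2 in Julian123's reply and the adsites link here), added as an illustration and not code from any post in this thread. The site name "Main-Office" and the remote subnet 10.20.0.0/24 are assumed placeholders; substitute the site that holds your main-office DC and the subnet your remote firewall's DHCP hands out.

```powershell
# Added example: map the remote office subnet to the main-office AD site so that
# clients at the remote site (which has no local DC) locate the main-office DC.
# Run on a DC or a machine with RSAT, as a member of Enterprise Admins.
Import-Module ActiveDirectory

$MainSite     = 'Main-Office'    # assumption: AD site containing the main-office DC(s)
$RemoteSubnet = '10.20.0.0/24'   # assumption: remote office subnet served over the VPN

# Sanity check: the target site must already exist in Sites and Services.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$MainSite'")) {
    throw "Site '$MainSite' does not exist; create it or correct the name first."
}

# Create the subnet object tied to the main-office site, or re-point an existing
# subnet object that is currently unassigned or attached to the wrong site.
$existing = Get-ADReplicationSubnet -Filter "Name -eq '$RemoteSubnet'"
if ($null -eq $existing) {
    New-ADReplicationSubnet -Name $RemoteSubnet -Site $MainSite -Location 'Remote office (VPN)'
} elseif ($existing.Site -notlike "CN=$MainSite,*") {
    Set-ADReplicationSubnet -Identity $RemoteSubnet -Site $MainSite
}

# Server-side verification: every subnet and the site it resolves to.
Get-ADReplicationSubnet -Filter * -Properties Site |
    Select-Object Name, @{ n = 'Site'; e = { ($_.Site -split ',')[0] -replace '^CN=', '' } }

# Client-side verification, run on a workstation in the remote office after
# a reboot or a restart of the Netlogon service:
#   nltest /dsgetsite            -> should print Main-Office
#   nltest /dsgetdc:yourdomain   -> the DC name should be the main-office DC
```

If the workstation reports a different site, check that its DNS settings point at the AD-integrated DNS servers first, since DC location is driven entirely by the SRV records there.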
WIZU2 (ASKER)

OK, the second DC at the remote location is in a different time zone. The DC is pulling the time from the main office. How do I fix that issue?
SOLUTION
(This solution is only available to members.)
WIZU2 (ASKER)

I set the second DC at the remote location to the right time zone. But now the DC at main office is complaining about the time difference event ID 1925.
Are you able to post the full event error message?

ID 1925 usually refers to DNS lookup issues regarding AD replication.

It may be worth resetting the NTP configuration on your secondary DC too:
rem Stop the Windows Time service before touching its registration
net stop w32time
rem Remove the existing time service registration and settings
w32tm /unregister   (enter this command twice if presented with an error)
rem Re-register the service with default settings
w32tm /register
net start w32time
rem Sync from the domain hierarchy (the PDC emulator chain) rather than a manual source
w32tm /config /syncfromflags:domhier /update
rem Restart the service so the new configuration takes effect
net stop w32time && net start w32time