I've setup SonicWall TZ215's with site to site VPN's and had luck using a central AD server without local AD servers on each location, but ran into the once in a blue moon losing trust issues. Does anyone have a best practices opinion on such a setup with many small locations needing AD to access the central server? The next company is looking at 15 locations with about 6 computers/users each. Should I just go with the way I've used in the past to save them an expensive server and setup costs, or should I push for a server at each location? Pro's and Con's of each would also be appreciated.