The answer to this question (or the resulting inquiries) may be way over my head, but here goes.
We currently have a main office and two remote offices. We have a Windows Server 2008 R2 (standard, not read only) in each of the three offices. Each one of the servers is a DC. I am not sure this matters to the question at hand but the main office contains a Citrix farm that all users in the remote offices address. Max, 10 users in each remote office. (Yes, I know a DC in each remote office was probably not needed but I tend to overbuild a little).
Each office has its own pretty good (40 mbs) broadband connection. In addition, each remote office has been connected to the main office by a dedicated point-to-point T1 connection for over 10 years.
The use of the point-to-point connections is gradually being phased out. We currently have a phone system that uses it, but our new system will not need dedicated point-to-point connections (or so I am told, we shall see). As soon as we have eliminated the network need for the point-to-point connections, the new phone system can be installed and tested. We will cancel the point-to-point connections as soon as we have a history of no longer needing them.
There is a SonicWall NSA 3500 in the main office and SonicWall 215s in the two remote offices.
Workstations in the remote offices connect to their local domain controllers which handle printing for that office and all Citrix connections use the broadband Internet connections.
Goal: Phase out point-to-point connections
These point-to-point connections are quite expensive each month and our goal is to eliminate them. But Active Directory replication between the sites takes place over the old point-to-point T1 connections.
Our thinking is to use the SonicWalls to create site-to-site VPNs between the main office and each of the remote offices and then do the Active Directory site replication using these VPN connections.
1. As stated, Active Directory replication between the main office and the two remote sites takes place over the old point-to-point T1 connections. We think we can set up the VPNs to replace those connections, but what is unclear is how we then force Active Directory site replication to use these new connections and stop using the old point-to-points. Is it even possible to do this while the point-to-point connections are still in place handling the old phone system?
2. Are there any settings or rules we need to consider on the SonicWall that will allow the site-to-site replication but not put extra burden on the VPNs with unneeded overhead traffic? We recognize this is somewhat open-ended, so we are just looking for some major dos and don'ts.
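An added check (example code, not part of the original post) for the cutover described in question 1: AD Sites and Services picks replication partners, but IP routing decides whether the packets cross the T1 or the VPN, so after changing the routes on the SonicWalls you verify the path and the replication health from a domain-joined admin box. The T1 router address and DC names are placeholders, and the script assumes the RSAT ActiveDirectory module and repadmin.exe are available.

```powershell
# Added example, not from the original post. Assumes: domain-joined admin
# host with the RSAT ActiveDirectory module, repadmin.exe and tracert.exe.
Import-Module ActiveDirectory

# Placeholder: LAN address of the router that terminates the T1 at this site.
# If it appears in a trace toward a remote DC, replication is still on the T1.
$t1Router = '192.0.2.1'

# Ports the VPN policy must pass for inter-site replication and DC traffic:
# Kerberos 88, RPC endpoint mapper 135, LDAP 389/636, SMB 445,
# plus the dynamic RPC range 49152-65535 (not probed here) and DNS 53.
$dcPorts = 88, 135, 389, 445, 636

$dcs = Get-ADDomainController -Filter * |
    Select-Object -ExpandProperty HostName

foreach ($dc in $dcs) {
    Write-Host "== $dc =="

    # Inbound partners, last success and failure counts per naming context.
    repadmin /showrepl $dc /csv | ConvertFrom-Csv |
        Select-Object 'Source DSA', 'Naming Context',
                      'Last Success Time', 'Number of Failures' |
        Format-Table -AutoSize

    # Which physical path carries the traffic: look for the T1 router's hop.
    $hops = tracert -d -h 6 $dc | Select-String -Pattern '^\s*\d+'
    $onT1 = [bool]($hops | Where-Object { $_ -match [regex]::Escape($t1Router) })
    Write-Host ("Path to {0} still crosses the T1 router: {1}" -f $dc, $onT1)

    # Reachability of the DC ports through whatever path is in use.
    foreach ($port in $dcPorts) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($dc, $port)
            $state = 'open'
        } catch {
            $state = 'blocked'   # VPN policy or firewall rule is missing
        } finally {
            $client.Close()
        }
        Write-Host ("  {0}:{1} {2}" -f $dc, $port, $state)
    }
}

# Domain-wide summary: non-zero fails after the cutover point at the VPN.
repadmin /replsummary
```

Run it once with the T1 routes still present and again after the SonicWall VPN routes take over; the trace flag should flip to False and the failure counts should stay at zero.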