Active directory is replicated across DCs but server roles are specific to servers for some parts of the directory. The traffic across the vpn would be lessened by making the office a seperate domain. A domain is a security boundary so all roles would then be taken up by the new DCs (you really want 2). They can be part of the same forest with links across the VPN and trusts set up for your domain. As has already been said the level of interoperation required depends on the amount of access across to the main office you need.