Determining where to place DCs/DNS servers isn’t always straight-forward. However, as a rule of thumb, I take the view that any branch location that’s going to be utilize Active Directory services (authentication, file services, etc), benefits from having a local DC and domain-integrated DNS services.
You might already know much of this, so bear with me…
When deciding where to place DC/DNS Servers, keep the following things in mind:
Domain members rely heavily on DNS services to locate domain resources. For example, when a domain-joined computer boots, it queries domain Service Locator records (SRV) in DNS to locate a Domain Controller against which to authenticate. Without a local DNS instance, this process has to take place over a potentially slow site link. Of course, once a computer has located a Domain Controller, it will continue to authenticate against that server until it something forces the client to find another DC.
Over a slow link, the regular activities of authenticating against remote DCs, querying domain resources, and performing other standard DNS lookups can create a sluggish and somewhat irksome user experience. A local DC/DNS server can greatly improve the user experience (I’m all about user experience) by eliminating delays.
If the link between sites goes down and there is no local DNS service, your users won’t be able to browse the Internet unless you’ve configured secondary DNS servers. The problem I’ve had with secondary DNS servers is that each query first attempts to contact the primary DNS server before attempting the secondary DNS server. This really wrecks the user experience.
For a small branch office with 5 users and a slow link, you might be able to get away