I have 2 sites (HO + Branch), both with Win Servers 2003, connected by a tunnel. I want to have a DC in each location to allow for local login/authentication.
Can someone tell me what roles I should assign to the DCs in the remote branches?
I am about to install a Win 2012 DC in each location, in case that matters.
Typically, if the home office is the largest, that's where all of the FSMO role holders are.
The domain controller(s) at the branches should be both DNS servers and Global Catalogs.
It essentially doesn't matter where you put the FSMO roles, although it's a good idea to have the PDCe in the office with the most people, since that's the one that handles notifications for password changes, lockouts, etc. With an HQ and a single branch office, you might as well leave all the FSMO roles on the HQ, especially if that's the office with better hardware and better backups.
Edit: as mentioned below, if you only have (and likely only will have) a single domain, you can and should simply make all of your DCs also GC servers - and that's not a role, which is what your question asks for.
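One way to check a domain against the placement advice in the answers above, as an added example that is not part of the original thread. The function name `Test-DcPlacement`, the site names and the sample DCs are hypothetical; the input properties match what `Get-ADDomainController` returns, and the DNS server role is not checked here.

```powershell
# Added example: reports DCs that are not Global Catalogs, sites without a local GC,
# and FSMO roles held outside the head-office site.
# Input objects need Name, Site, IsGlobalCatalog and OperationMasterRoles
# (properties of the objects returned by Get-ADDomainController).
function Test-DcPlacement {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $DomainController,
        [Parameter(Mandatory)] [string] $HqSite   # assumption: AD site name of the head office
    )
    begin { $allSites = @{}; $sitesWithGc = @{} }
    process {
        $dc = $DomainController
        $allSites[$dc.Site] = $true
        if ($dc.IsGlobalCatalog) {
            $sitesWithGc[$dc.Site] = $true
        } else {
            [pscustomobject]@{ Target = $dc.Name; Finding = 'DC is not a Global Catalog' }
        }
        # Both answers suggest keeping the FSMO roles (the PDCe in particular) at the main office.
        foreach ($role in $dc.OperationMasterRoles) {
            if ($dc.Site -ne $HqSite) {
                [pscustomobject]@{ Target = $dc.Name; Finding = "$role held outside site $HqSite" }
            }
        }
    }
    end {
        # A site without a GC depends on the tunnel for logons that need one.
        foreach ($site in $allSites.Keys) {
            if (-not $sitesWithGc.ContainsKey($site)) {
                [pscustomobject]@{ Target = $site; Finding = 'Site has no local Global Catalog' }
            }
        }
    }
}

# Constructed sample data (hypothetical DC and site names), so the check runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'HO-DC1'; Site = 'HO'; IsGlobalCatalog = $true
        OperationMasterRoles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster' }
    [pscustomobject]@{ Name = 'BR-DC1'; Site = 'Branch'; IsGlobalCatalog = $false
        OperationMasterRoles = @() }
)
$sample | Test-DcPlacement -HqSite 'HO'

# Against a live domain (requires the ActiveDirectory module):
# Get-ADDomainController -Filter * | Test-DcPlacement -HqSite 'HO'
```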