
porterj5

Member
  • Posts: 95
Reputation Activity

  1. Like
    porterj5 reacted to brwainer in Moving server to Rackspace - AD & DHCP questions   
    You *could* put an AD server out on the end of a VPN, but remember that the service you pay your ISP for is just to connect you to "the internet". Usually in between any two given locations on the internet the traffic goes through half a dozen or more different companies. Any one of them could have a failure or make a human error that causes the connection to not work for hours or days. Yes, you can call your ISP to report it, and if you pay for business-class service they will probably care at least a little and try to talk to the other ISPs that they connect to, but in the end it isn't a problem your ISP can fix. Here are some examples:
    One of my permanent site-to-site VPNs connects to a friend one town over. Since we're on different ISPs, the traffic actually has to travel about 150 miles to the closest internet exchange datacenter, and then travels back. In the traceroute, I have my ISP, then "alter.net", then "level3.net", then his ISP. Once his ISP made some error that meant that they were effectively cut off from the internet. He basically couldn't use any service that wasn't running on an "edge" server within their network, or redirected through something like Cloudflare, which has endpoints all over the place and then, I believe, uses their own internet connections to contact the website. This outage lasted almost 24 hours. His ISP is not the biggest, but it's one of the big ones in the US. Another of my permanent site-to-site VPNs connects to my grandparents' house 4 states away (about 250 miles). That traceroute currently has my ISP, "alter.net", "telia.net", then their ISP, but in the past I've also seen the route go through GTT, Level3, and Cogent. A few times the VPN has disconnected, but neither my ISP nor their ISP had made any mistakes. By using traceroute and the "Looking Glass" service that nearly all the backbone providers have, I was able to find that one of the ISPs in the middle (Level3, I think) had no routes at all for my IP block (i.e. the block of IPs that my ISP owns that my own IP is a part of) at one of their datacenters. If I looked at other datacenters they have, then that route was present. Since my ISP thought that the route to the other address was supposed to go through that particular datacenter, though, the packets got dropped since the router there had nowhere to send them (apparently there wasn't a "route of last resort" (default gateway) set up, which sort of makes sense given that this is a Tier 1 backbone ISP; they don't have anyone "above" them to default to). This was definitely the result of a human error, but of what nature I couldn't tell for sure. That situation lasted about 12 hours.

    For context, anyone who runs BGP and has more than one other ISP they connect to should always have a route for every single IP address that they might get (purists will say for every IP address on the internet, but if I'm in the middle of the US, I can group all non-North-America IPs into groups like "over the Pacific", "over the Atlantic" and "South America"). But BGP is a complicated beast, and the operation of it amongst the big ISPs is cut-throat and political. With BGP, you announce the routes that you have available (the IP blocks that you can reach) along with some details about the route, like whether it is a block that you directly service, or if it will be passed off to other ISPs. You will likewise get BGP data from all the ISPs you connect to, and then you apply lots of rules to the data you get as you try to combine all the available routes to figure out the best one for each IP block. "Best" is defined by the rules, and this is where BGP gets mean. ISPs will manipulate their rules based on contracts and agreements between each other, and also based on whether they think the other party is being unfair (sending more traffic than they are accepting), whether the CEOs recently had an argument, and other reasons both technical and mundane. Theoretically it's also based on which connections are the most congested or underutilized at the moment, but by the time they apply other metrics, a link will basically be used for given routes until it goes down or the metrics get changed. What this means is that for all routes for a given IP block to just disappear, as I saw with my connection to my grandparents' house, someone had to have made a mistake while updating their BGP rules, either on the broadcasting side (e.g. my grandparents' ISP wasn't broadcasting the BGP route properly) or the receiving side (the ISP in the middle that had to set up the route).
    Long story short, you can't rely on a site-to-site VPN connection to be up all the time, and if you have your only AD server, or worse the only DHCP server, on the other end, you are going to have issues on that one day that it just will not connect.
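    The post above describes two things in prose: how a router combines announcements from several neighbours into one "best" route per block under operator policy, and what happens when a policy mistake leaves a transit router with no route for a block and no default. The following is an added example, not code from the post or from any ISP; it models a single router's import policy, a simplified best-path decision, and longest-prefix lookup. The ASNs (64501, 64502, 64510, 64520, 64530), the next-hop addresses and the documentation prefixes 198.51.100.0/24 and 203.0.113.0/24 are all constructed for the example. Real BGP has a longer decision process (origin, MED, eBGP vs iBGP, IGP cost) than the three steps used here.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    """One BGP announcement as seen by the receiving router."""
    prefix: ipaddress.IPv4Network
    as_path: tuple            # ASNs, nearest neighbour first
    next_hop: str
    local_pref: int = 100     # operator policy knob; higher wins

def best_path(candidates):
    """Simplified BGP decision process: highest LOCAL_PREF, then shortest
    AS_PATH, then lowest neighbour ASN as a deterministic tie-break.
    (Real BGP has more steps: origin, MED, eBGP over iBGP, IGP cost.)"""
    return min(candidates,
               key=lambda r: (-r.local_pref, len(r.as_path), r.as_path[0]))

def receive(announcements, local_pref_by_neighbor, import_filter=lambda r: True):
    """Ingress policy: drop what the import filter rejects and stamp a
    LOCAL_PREF per neighbour (this is where contracts and politics live)."""
    accepted = []
    for r in announcements:
        if not import_filter(r):
            continue
        lp = local_pref_by_neighbor.get(r.as_path[0], 100)
        accepted.append(Route(r.prefix, r.as_path, r.next_hop, lp))
    return accepted

def build_rib(routes):
    """Keep one best route per prefix."""
    by_prefix = {}
    for r in routes:
        by_prefix.setdefault(r.prefix, []).append(r)
    return {p: best_path(c) for p, c in by_prefix.items()}

def lookup(rib, ip):
    """Longest-prefix match. None means 'no route': a Tier 1 router with no
    default route drops the packet, which is the outage the post describes."""
    addr = ipaddress.ip_address(ip)
    covering = [p for p in rib if addr in p]
    if not covering:
        return None
    return rib[max(covering, key=lambda p: p.prefixlen)]

# Constructed sample announcements (documentation ranges, hypothetical ASNs).
# 198.51.100.0/24 stands in for the destination ISP's block (origin AS 64510),
# heard via two neighbours; 203.0.113.0/24 is an unrelated prefix.
N = ipaddress.ip_network
ANNOUNCEMENTS = [
    Route(N("198.51.100.0/24"), (64501, 64510), "10.0.1.1"),
    Route(N("198.51.100.0/24"), (64502, 64520, 64510), "10.0.2.1"),
    Route(N("203.0.113.0/24"),  (64501, 64530), "10.0.1.1"),
]

# Policy (hypothetical): neighbour 64502 is a paying customer, so prefer it
# even though its AS path is longer.
LOCAL_PREF = {64501: 100, 64502: 200}

def healthy_router():
    """The router as it should be: the customer route wins on LOCAL_PREF."""
    return build_rib(receive(ANNOUNCEMENTS, LOCAL_PREF))

def misconfigured_router():
    """Same announcements, but a botched import filter rejects the destination
    block from every neighbour (the kind of human error the post describes)."""
    bad_filter = lambda r: r.prefix != N("198.51.100.0/24")
    return build_rib(receive(ANNOUNCEMENTS, LOCAL_PREF, bad_filter))

def forward(rib, ip):
    """Return the next hop for ip, or 'DROP' when the RIB has no covering route."""
    r = lookup(rib, ip)
    return r.next_hop if r else "DROP"

if __name__ == "__main__":
    for name, rib in (("healthy", healthy_router()),
                      ("misconfigured", misconfigured_router())):
        print(name, "198.51.100.7 ->", forward(rib, "198.51.100.7"))
```

    The point of the two routers is the one made in the post: the announcements arriving are identical, only the local policy differs, and on the misconfigured router the block simply has no entry, so traffic for it is dropped while every other prefix still works. A Looking Glass query against that router would show the missing prefix; the same query against a healthy one would show the route via 10.0.2.1.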
  2. Like
    porterj5 got a reaction from maria2244 in do you keep you PC run 24/7 or you turn it off when not using it ?   
    My work computer I leave on 24/7. My computer at home I turn off when I am not using it.
  3. Like
  4. Like
    porterj5 got a reaction from subtot in Beech PC scratch build   
    very nice
  5. Like
    porterj5 got a reaction from lavaslime44 in Blue & White themed computer   
    looks good
  6. Like
    porterj5 got a reaction from IAcKI in Noctua NF-A14   
    Agreed