You said the sites are connected via DSL. I assume this is through the internet. If the users at the remote sites can see the domain controllers, and have a valid domain account, they can log into the domain. With that said, having your domain controllers visible to the internet is asking for trouble. Also, it is not good practice to allow unencrypted communications between sites unless you “own” the medium, as in a site to site T1.
I use remote desktop through VPNs on a regular basis. What was the nature of the problem?
I strongly recommend you set up VPNs between your sites to protect intersite communications. Lacking this, you should require any remote user to use encryption when connecting to another site with a personal VPN. This option would require a VPN server set up to trust active directory.
Since nearly all modern firewalls support VPNs, I suggest you use your site firewalls to establish VPNs between sites. With this arrangement, you can allow normal access to the internet and protect traffic between sites.