Connect to a non-domain client from a domain computer BUT as domain user? (Windows RDP)
Solution 1:
A computer that is not domain-joined cannot be managed through an Active Directory, but it is possible to remote manage these computers upto a certain degree.
Even though these computers are not domain-joined, if you create a local user that has an identical username and password as stored in the Active Directory, a user can login seemlessly to that computer as it will first try to authenticate with the username/password that was used to login to the computer. The system is smart enough to not submit the domain too, so as long as the username and password in the Active Directory domain are also present for the local user on that computer, that user can seemlessly login and there is no need to share extra username/password combination.
It becomes more tricky when the AD credentials change, eg. the user changed his password. Then, it no longer matches, and the user will get a prompt to enter their password. The user then can enter their old password to connect until the password is changed on that pc.
If you want a seamless experience, you will have to domain-join the target computer to a domain. You can of course have multiple domain controllers in a forest and have them sync the users across the entire forest, allowing you to have 2 different domain controllers, one for each location. Alternatively, you can also just use one domain controller in one area, and use enterprise-grade routers to create tunnels between locations, such that all computers can be domain joined. This is a common and safe way to do this. A user changes their password, doesn't matter, they can still RDP into the new location without a problem.
Obviously, given that local users and groups don't sync to an active directory on a non-domain-joined pc, its not possible to control access without some weird scripting to remotely manage those non-domain-joined pc's. If the pc's are domain-joined, then it is just a matter of assigning rights to a user and manage access through groups.