Domain controller in cloud, how do we set up local BDC

We have a domain controller (Exchange box) hosted at our hosting provider. We need to set up a local domain controller so we can do VPN and local authentication tasks.

I can make the PDC accept all connections from our office IP. How do I get the office router to correctly allow two-way communication between the PDC (cloud) and the local DC? Is there a list of ports I need to pass through to the local DC?

Thanks!

"PDC" and "BDC" used for clarity--I know that the concept is obsolete.


1) Stop calling them PDCs and BDCs. That's been extinct for a decade.

2) If you have a VPN tunnel from your site to the provider, there are a TON of ports you're going to need to open, primarily DNS, RPC endpoint mapping, etc. I don't know the specifics and I'd be inclined to allow all traffic over the tunnel.
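The answer above leaves the port list unspecified. As an added example (not part of the original thread), the following PowerShell script, run on the local DC once the VPN tunnel is up, checks TCP reachability of the well-known AD DS ports on the hosted DC, confirms the DC locator SRV record resolves through the tunnel, and then asks the directory itself whether replication succeeds. The host name and domain name are placeholders; `Test-NetConnection`, `Resolve-DnsName`, `nltest` and `repadmin` are standard Windows tools.

```powershell
# Added example, not from the original thread.
# Run on the LOCAL domain controller after the site-to-provider VPN is up.
# Placeholders to replace with your own values:
$RemoteDC = "dc01.hosted.example.com"   # hosted DC (placeholder)
$Domain   = "corp.example.com"          # AD DNS domain name (placeholder)

# TCP ports a DC-to-DC path needs, per Microsoft's AD DS port requirements.
# DNS, Kerberos, NTP and LDAP also use UDP, which a TCP connect test cannot
# exercise; the nltest/repadmin checks below cover those paths end to end.
$Ports = @{
    53   = "DNS"
    88   = "Kerberos"
    135  = "RPC endpoint mapper"
    389  = "LDAP"
    445  = "SMB (SYSVOL / NETLOGON)"
    464  = "Kerberos password change"
    636  = "LDAP over SSL"
    3268 = "Global Catalog"
    3269 = "Global Catalog over SSL"
}

function Test-DcPorts {
    param([string]$ComputerName, [hashtable]$PortMap)
    foreach ($port in ($PortMap.Keys | Sort-Object)) {
        $r = Test-NetConnection -ComputerName $ComputerName -Port $port `
                                -WarningAction SilentlyContinue
        [pscustomobject]@{
            Port    = $port
            Service = $PortMap[$port]
            Open    = $r.TcpTestSucceeded
        }
    }
}

# 1. Static ports: anything showing Open=False is a firewall/VPN ACL gap.
Test-DcPorts -ComputerName $RemoteDC -PortMap $Ports | Format-Table -AutoSize

# 2. DC locator: the local DC must resolve the remote DC's SRV records
#    through the tunnel, otherwise clients will never be pointed at it.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $RemoteDC

# 3. Secure-channel and replication checks. These go through the RPC
#    endpoint mapper (135) and then a dynamic high port (49152-65535 on
#    Windows Server 2008 and later), so a success here shows the dynamic
#    range is also being passed by the router.
nltest /dsgetdc:$Domain /force
repadmin /showrepl $env:COMPUTERNAME
```

If the static ports all show `Open=True` but `repadmin /showrepl` reports RPC errors, the router is passing the endpoint mapper but not the dynamic RPC range; the usual remedies are to allow the whole range over the tunnel (as the answer suggests) or to pin AD replication to a fixed port with the documented `TCP/IP Port` value under the NTDS `Parameters` registry key and allow only that port.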


There's no such thing as a PDC or BDC with AD, those terms apply to NT3 and NT4 (from 13 or so years ago). There is a PDC Emulator FSMO Role, but that's somewhat different.

I'd suggest setting up a VPN of some kind between your hosted box and your network. Then running the AD traffic over that. There are many different ways to accomplish this, and which one is appropriate for your case will depend on what gear you have already, how much you're willing to spend on new software/hardware, your knowledge level and who has to maintain the setup...

You might want to get a local consultant involved. This shouldn't be overly complicated or costly.