5

In a location that has 1 T1 connection with ~40-50 ms ping latency to the closest domain controller, about how many normal users would it take before you would recommend putting a domain controller there, in a Windows 2003 environment?

The T1 is used for the internet, and their file server and email server will not be with them in that location. There is also some VoIP going over that T1.

Kyle Brandt

6 Answers

5

As I read the OP's post, there is only 1 data line to this remote site. If so, then the answer to my question below is most likely negative...

In my (limited) experience, it is not a matter of performance, it is a matter of uptime.

How much work could those remote users get done if the T1 is down, and what is the expected and worst-case reliability of that T1? Could a remote DC provide authentication and DHCP/DNS for the users so that a 'meaningfully large' set of applications would continue to be available, even if the T1 is down?

If the site is dead in the water as soon as the T1 is down, i.e. the remote users can't really get any meaningful work done without that data link, then a remote DC makes no sense IMHO. The same goes if the site has lots of meaningful work to do, but that work doesn't require any IT systems. But if the DC could enable the use of other IT systems, then it is valuable.

If you set up a remote DC, then think about Windows 2008's Read-Only Domain Controllers, and consider moving other services closer to the users for performance.

2

If there are no other servers in that location as you state (file server and email server are remote to them) then I wouldn't bother putting a DC there at all. Why bother with maintaining it (even if that maintenance is minimal) or powering it/cooling it, etc.? There really isn't any point in authenticating them locally if they aren't accessing any server resources there (this includes print services, which you didn't mention, so I'll assume they connect via TCP/IP or have locally attached printers).

You also asked "how many normal users would it take before you would...":

In my opinion on that, once you get above 10 users or so I would recommend combining some roles and putting a DC that also acts as their local file/print server in that location. There used to be a stigma about having a DC running file/print services, but I think it works just fine for 10-30 users.

TheCleaner
  • I guess I should have added the DC would also be DNS ... – Kyle Brandt Sep 11 '09 at 13:47
  • What about Outlook/Exchange? The client will connect to a directory server as well as Exchange. Can give some speed up if the directory controller is close. – Ryaner Sep 11 '09 at 13:48
  • @Kyle - So the clients will get their DNS resolution from the remote DC unless there is one locally? That's fine, just make sure their secondary DNS server is something on the internet so that they can still get to the internet, etc. when "headquarters" is unavailable (assuming t1 is still up to the internet). – TheCleaner Sep 11 '09 at 13:51
  • @Ryaner - If you set a DC that is a GC in the remote location this is "supposedly" true, however I've never seen any stats that show it as worthwhile with a small number of users especially with that decent of a connection. – TheCleaner Sep 11 '09 at 13:52
  • It is still a best practice to NOT put other roles (such as file/print server) on a domain controller. – SamErde Mar 26 '12 at 14:29
2

I wouldn't bother with a DC at all unless you had both a significant enough number of users as well as IT staff on-site. Domain authentication can be quite efficient across WAN links, and XP's cached authentication will handle the rest.

The one major gotcha would be if you had a local Exchange box there and weren't running in cached mode; GAL lookups can be quite murdersome in such circumstances.

Maximus Minimus
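Two of the answers above rest on checks you can actually make from a workstation at the remote site: TheCleaner's comment about which DNS servers the clients use, and Maximus Minimus's point that WAN authentication plus cached logons covers a small site. The script below is an added example, not code from the thread. It reports which DC and AD site the locator resolves for the client's subnet (if the remote subnet is not mapped in AD Sites and Services, clients may pick any DC in the forest rather than the one across the T1), runs the DC SRV lookup against every DNS server the client is configured with (a resolver that cannot answer `_ldap._tcp.dc._msdcs.<domain>` is no use for domain logon even if it reaches the internet), reads `CachedLogonsCount`, and samples round-trip time to the DC it found. It assumes Windows PowerShell 5.1 on Windows 8/Server 2012 or later for the DnsClient cmdlets and the `ResponseTime` property; the domain name is discovered, not assumed. On the XP/2003-era clients in the question the equivalent command-line checks are `nltest /dsgetdc:<domain>` and `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>`.

```powershell
# Added example (not from the original thread). Run on a domain-joined
# workstation at the remote site; needs read access to the Winlogon key.
Add-Type -AssemblyName System.DirectoryServices

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
$dc     = $domain.FindDomainController()   # what the DC locator picks right now
$site   = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()

# 1. Which DC and which AD site the locator resolved for this subnet.
"Domain        : $($domain.Name)"
"Computer site : $($site.Name)"
"DC located    : $($dc.Name) ($($dc.IPAddress)) in site $($dc.SiteName)"
"Logon server  : $env:LOGONSERVER"

# 2. DC SRV records from every configured DNS server. Any server that
#    cannot answer this query cannot support domain logon.
$srvName    = "_ldap._tcp.dc._msdcs.$($domain.Name)"
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
              Where-Object { $_.ServerAddresses } |
              Select-Object -ExpandProperty ServerAddresses -Unique
foreach ($srv in $dnsServers) {
    try {
        $rec = Resolve-DnsName -Server $srv -Type SRV -Name $srvName -ErrorAction Stop
        $n   = @($rec | Where-Object Type -eq 'SRV').Count
        "DNS $srv : OK, $n DC SRV record(s)"
    } catch {
        "DNS $srv : cannot resolve $srvName ($($_.Exception.Message))"
    }
}

# 3. Cached logons: with no local DC this is what lets users log on while
#    the WAN is down. Default is 10 (stored as REG_SZ); 0 disables caching.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cached   = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount -ErrorAction SilentlyContinue).CachedLogonsCount
if ($null -eq $cached) { $cached = 10 }   # key absent means the default applies
$note = if ([int]$cached -eq 0) { '(offline logon DISABLED)' } else { '' }
"CachedLogonsCount : $cached $note"

# 4. Round-trip time to the located DC (20 ICMP echo requests).
$pings = @(Test-Connection -ComputerName $dc.Name -Count 20 -ErrorAction SilentlyContinue)
if ($pings.Count -gt 0) {
    $rtt = $pings | Measure-Object -Property ResponseTime -Average -Maximum
    "RTT to DC     : avg {0:N0} ms, max {1:N0} ms, loss {2}/20" -f $rtt.Average, $rtt.Maximum, (20 - $pings.Count)
} else {
    "RTT to DC     : no ICMP replies (filtered or link down)"
}
```

If step 1 reports a site other than the one the HQ DCs sit in, or a DC on the far side of the forest, fix the subnet-to-site mapping before deciding anything about a local DC: the locator result, not the raw T1 latency, is what the users experience at logon.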
1

I recommend deploying AD when you need to authenticate for using local services. E.g. if users at the location access each other's computers, if they have a local server, etc.

1

The number of users is irrelevant. Can you rely on sufficient bandwidth always being available when required for AD traffic? Is the connection reliable enough to meet your needs? From your description I suspect the answer to this is yes but only you can know for sure. Regardless, if it was my network they would have their own DC (and file server, etc.). I've been a victim of someone higher up the tree deciding my location didn't need a DC. Long term it just ends up costing more if productivity is affected.

John Gardeniers
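John Gardeniers' two questions ("sufficient bandwidth always available" and "reliable enough") are answerable with measurements rather than a guess. The script below is an added example, not from the thread: it samples reachability of the HQ DC from the remote site over a window, writes the samples to CSV, and summarises availability, average and p95 round-trip time, and the longest run of consecutive failures. The target name, window, interval and thresholds are assumed parameters to tune for the site; the 80 ms average threshold is chosen relative to the 40-50 ms nominal latency in the question. It uses ICMP for simplicity; where ICMP is filtered, `Test-NetConnection -Port 389` (LDAP) or `-Port 88` (Kerberos) is the better probe. Windows PowerShell 5.1 is assumed for `Test-Connection`'s `ResponseTime` property.

```powershell
# Added example (not from the original thread): DC link availability sampler.
param(
    [string]$Target      = 'dc01.hq.example.local',   # assumed HQ DC name
    [int]$Minutes        = 60,
    [int]$IntervalSec    = 5,
    [int]$MaxAvgMs       = 80,     # assumed threshold; ~40-50 ms nominal on this T1
    [double]$MinAvail    = 99.0,   # assumed threshold, percent of samples answered
    [string]$LogPath     = "$env:TEMP\dc-link-$(Get-Date -Format yyyyMMdd-HHmm).csv"
)

$deadline = (Get-Date).AddMinutes($Minutes)
$samples  = New-Object System.Collections.Generic.List[object]

while ((Get-Date) -lt $deadline) {
    $t     = Get-Date
    $reply = Test-Connection -ComputerName $Target -Count 1 -ErrorAction SilentlyContinue
    $samples.Add([pscustomobject]@{
        Time  = $t
        Up    = [bool]$reply
        RttMs = if ($reply) { [int]$reply.ResponseTime } else { $null }
    })
    Start-Sleep -Seconds $IntervalSec
}

$samples | Export-Csv -NoTypeInformation -Path $LogPath

$up    = @($samples | Where-Object Up)
$avail = 100.0 * $up.Count / $samples.Count
$rtts  = @($up | Select-Object -ExpandProperty RttMs | Sort-Object)
$avg   = if ($rtts.Count -gt 0) { ($rtts | Measure-Object -Average).Average } else { 0 }
$p95   = if ($rtts.Count -gt 0) { $rtts[[int][math]::Floor(0.95 * ($rtts.Count - 1))] } else { 'n/a' }

# Longest run of consecutive failed samples = worst outage observed.
$worst = 0; $run = 0
foreach ($s in $samples) {
    if ($s.Up) { $run = 0 } else { $run++; if ($run -gt $worst) { $worst = $run } }
}

"Samples   : $($samples.Count) over $Minutes min (log: $LogPath)"
"Available : {0:N2}% (threshold {1}%)" -f $avail, $MinAvail
"RTT       : avg {0:N0} ms, p95 {1} ms (threshold avg {2} ms)" -f $avg, $p95, $MaxAvgMs
"Worst gap : $($worst * $IntervalSec) s of consecutive failures"
if ($avail -lt $MinAvail -or $avg -gt $MaxAvgMs) {
    "VERDICT   : link misses the thresholds; cost out a local DC (and local file/print)"
} else {
    "VERDICT   : link meets the thresholds; WAN authentication plus cached logons is viable"
}
```

Run it for at least a full business day, and ideally across the VoIP peaks, before trusting the verdict: an hour at 3 a.m. says nothing about what the T1 looks like when it is also carrying calls.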
0

We run a hundred remote offices in that range without DCs. Authentication traffic is too small to justify the (total) cost of a machine. I have found that the "coattails" approach works in the long run; users will complain of slow browsing/mail first (not C+A+D time), then pressure for bandwidth, then AD traffic will ride the coattails of that and voilà, no DC needed. Remote DCs are painful (= cost) to support and can be insecure.

JamesR