Alright, you have a T1 connection to the internet at one location. But not to the "wharehouse". Then at the wharehouse you have some other type of internet connection. Now, what you're trying to do is create a child domain at your wharehouse. Yes, create a VPN, either software or hardware, between the two sites and then run dcpromo. I would also use IPsec. What KorpDeath means is that if you had a private T1 line between the locations , then you would have no reason to secure it because no one can "see" the stream. Hope this clears it up about. I'm pretty sure I understand your scenario.
-NeuTron