Morgan:

The servers do run AD for my "domain" however I log onto my workstation and laptop locally and sweetie pie logs on either locally, (if she needs to install something), or as a domain member under normal use so her stuff is backed up to the server.

Frankly I'm not particularly worried about a compromise of my domain but rather the fact that my workstation and laptop hold the "keys" to the work "kingdom" in that they are used to initiate VPN connections and then other domain authentications that I would rather not have "go public".