Very Scary. Internet Connection Sharing is based on having TWO network interface cards(NIC). First one being the normal IP address that connects to the “internet” (i.e. has a public address that can be routed). the second card is given a private adress (usually 192.168.1.1) and becomes the gateway for the other machines wishing to connect outside.
First problem with your ‘double-homed’ system will be DNS. If your workstations see the server having two addresses (the public and the private) and cannot reach both addresses login becomes very problem prone.
Second problem is exposing the Domain controller to the internet.
Recommend a dedicated box with two NIC’s setup as the gateway/firewall. Place the domain controller inside the protected space. This avoids the load of surfers slowing down the domain controller which has more important things to do.