If I set up a Domain Controller server to be accessible from the internet via Remote Desktop Connection (through port forwarding in the router), how much of a threat would that be?
And if I have a strong administrator password?
And if there are users with weak passwords?
Which mitigation steps could be taken?
EDIT: I perfectly agree with the idea "use the Domain Controller ONLY as a Domain Controller" expressed in the comments.
But there are cases of small companies (15-30 users) that do not want to purchase more than one server, nor buy a new hypervisor to host multiple servers on it. In those cases the only server ends up doing everything...