I need to expose Active Directory, or at least the address book functions, on the internet for some mail clients and other devices. The standard response is to simply not do it, or to VPN in; however, VPN isn't an option for us with some of the hardware devices.
A number of colleges expose their setups out to the internet, so I'm assuming there has to be a safe way of doing it. The best option I've come up with is to install a Linux LDAP host, then sync over the relevant contact information hourly; however, that seems like major overkill.
I have to agree; it sounds like a bad idea.
Have you thought about setting up an ADAM instance (AD LDS if you are using 2008) and replicating the information you care about to it from AD DS? That way all of your domain information isn't available on the internet :)
Good luck.
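
One way to implement the sync both posts describe (copy only the contact fields to a separate LDAP or AD LDS instance), as an added example that is not part of the original thread: it turns exported directory records into LDIF through an attribute allow-list, so group memberships and logon names never reach the internet-facing copy. The attribute list, the `inetOrgPerson` target class, the target base DN and the sample records are assumptions.

```python
import base64
import re

# Assumption: the only attributes the mail clients' address book needs.
ALLOWED = ("cn", "givenName", "sn", "mail", "telephoneNumber")
REQUIRED = ("cn", "sn", "mail")   # inetOrgPerson needs cn and sn; mail is the point
ACCOUNTDISABLE = 0x2              # userAccountControl bit for a disabled account

def _escape_rdn(value):
    """Escape characters that are special inside a DN component (RFC 4514)."""
    value = re.sub(r'([,+"\\<>;=])', r'\\\1', value.strip())
    return "\\" + value if value.startswith("#") else value

def _ldif_line(attr, value):
    """One LDIF line; base64 ("::") when the value is not a SAFE-STRING (RFC 2849)."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def to_contact_ldif(entries, target_base):
    """LDIF for the public instance: allow-listed attributes only, re-based DNs."""
    blocks = []
    for e in entries:
        if int(e.get("userAccountControl", 0)) & ACCOUNTDISABLE:
            continue  # never publish disabled accounts
        if not all(e.get(a) for a in REQUIRED):
            continue  # service accounts and incomplete records stay internal
        lines = [_ldif_line("dn", f"cn={_escape_rdn(e['cn'])},{target_base}"),
                 "objectClass: inetOrgPerson"]
        lines += [_ldif_line(a, e[a]) for a in ALLOWED if e.get(a)]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + ("\n" if blocks else "")

SAMPLE = [  # constructed records standing in for an export from the internal directory
    {"cn": "Ana Müller", "givenName": "Ana", "sn": "Müller", "mail": "ana@example.org",
     "telephoneNumber": "+1 555 0100", "userAccountControl": "512",
     "memberOf": "CN=Domain Admins,CN=Users,DC=corp,DC=example,DC=org",
     "sAMAccountName": "amuller"},
    {"cn": "Old Account", "sn": "Account", "mail": "old@example.org",
     "userAccountControl": "514"},
    {"cn": "svc-backup", "userAccountControl": "512", "sAMAccountName": "svc-backup"},
]

if __name__ == "__main__":
    print(to_contact_ldif(SAMPLE, "ou=people,dc=public,dc=example"), end="")
```

Because the filter is an allow-list, a new attribute added to the internal schema stays internal until someone adds it to `ALLOWED` on purpose.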