From my research, I've come to understand that "Installing Terminal Server (Remote Desktop Services) on a Domain Controller (Active Directory)" is a cardinal sin - apparently there are some serious security risks.
Could someone please elaborate and explain the risks?
More specifically:
How would someone go about compromising the server? What is the worst that could happen?
Understand these aspects of my particular configuration:
No files are being stored on the server. The directory is only being used to authorize users to use Remote Desktop Services. The server will be accessed by less than 50 users.
Thank you.
The simplest things I can think of right off the bat: Start a process that fills the hard drives or RAM and crashes the server.
More insidious tactics would use everything from cache and side band attacks to malware and hacking toolkits to derive any and all information from AD, including potentially reversible passwords, security and other sensitive information.
When someone connects to a machine via remote desktop, they are using that machine just like they are sitting in front of it. Doing this with a domain controller would be like putting your domain controller at a user's (or several users') desk for use in their day-to-day work. Everything your users do that might possibly change the state of the machine is happening right there to the system hosting your Active Directory. Forget malicious hackers for a moment (not that they aren't a problem too) — the chances that one of your own users accidentally breaks something important or runs a resource-intensive app creating an effective denial of service approach 100%.
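As an added example (not part of any answer in this thread), the following PowerShell audit reports whether a server is a domain controller that also carries Remote Desktop Services roles, and lists who can log on to it through RDP. It assumes the ServerManager and ActiveDirectory modules (RSAT-AD-PowerShell) are available on the server and that it is run elevated.

```powershell
# Added example, not from the original thread: flag RDS roles on a domain
# controller and list the accounts allowed to log on to it interactively.
Import-Module ServerManager
Import-Module ActiveDirectory   # assumes RSAT-AD-PowerShell is installed

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDC = $role -in 4, 5

# Any installed RDS-* feature (RDS-Gateway, RDS-RD-Server, ...) on this host
$rdsFeatures = Get-WindowsFeature -Name 'RDS-*' | Where-Object { $_.Installed }

[PSCustomObject]@{
    ComputerName       = $env:COMPUTERNAME
    IsDomainController = $isDC
    InstalledRDSRoles  = ($rdsFeatures.Name -join ', ')
}

if ($isDC -and $rdsFeatures) {
    Write-Warning "RDS roles ($($rdsFeatures.Name -join ', ')) are installed on a domain controller."

    # Every member of this built-in group gets an interactive session on the DC,
    # with the consequences the answer above describes.
    Get-ADGroupMember -Identity 'Remote Desktop Users' -Recursive |
        Select-Object SamAccountName, objectClass
}
```

Run it on each domain controller; a non-empty InstalledRDSRoles value on a DC, or a long membership list for Remote Desktop Users, is the condition the answers in this thread warn against.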
A Remote Desktop Gateway configuration should be run on the perimeter network. This carries risks by the very nature of having any sort of remote access port exposed....
Therefore if a remote attacker were able to compromise your Remote Desktop Gateway they would find themselves inside your DC.
This could be accomplished using man-in-the-middle attacks and/or forging the certificate, to name just a couple.
You absolutely SHOULD NOT install your Remote Desktop Gateway on your DC. If you have the capacity on the current server to put it in a VM, that is better, or put it on another physical machine.
Take a look at the following documentation. I found this very helpful in setting up a basic RD Gateway.
Part 1
Part 2
Here is the MS whitepaper