Active Directory environments configured to use Network Address Translation (NAT) appear to be a support scenario with multiple configurations some supported and some unsupported. Detailed below is the information I have collated so far.
Active Directory over NAT – KB 978772
The Microsoft statement regarding Active Directory over NAT is:
Active Directory over NAT has not been tested by Microsoft.
We do not recommend Active Directory over NAT.
Support for issues related to Active Directory over NAT will be very limited and will reach the bounds of commercially reasonable efforts very quickly.
If you are tasked with configuring a network with NAT and you plan to run any Microsoft Server solution (including Active Directory) across the NAT, please contact Microsoft customer technical support using your preferred approach.
Microsoft Online Dedicated Service Descriptions and Service Level Agreements
Microsoft Online Services does not support the implementation of network address translation (NAT) technology between the customer and Microsoft domain controllers. Implementing NAT systems requires a highly specific configuration that is dependent on the networking products used. Even if successfully deployed, NAT systems and devices pose operational risks. They require that customers change their NAT configuration when Microsoft modifies its domain controller deployments. Without NAT reconfiguration, Microsoft authentication to the Customer Forest can fail.