First off, are there any ports currently open, possibly TCP 80 and/or TCP 443? If they are open, you could use LWP::UserAgent to access a page on your intranet server. The page on the intranet server would handle the AD testing and return a yes/no answer. You could then parse the output on the DMZ server for confirmation.
If there are not any ports open, you could set up a host-to-host rule on the firewall (even though you said you wanted to avoid this), where inbound traffic is only permitted from the DMZ server address to the intranet server address. A rule like this is safer than just opening up the port to any internet host.
Hope this helps.
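
An added example, not part of the original answer: a sketch of the DMZ-side client described above, using LWP::UserAgent over HTTPS and parsing the yes/no reply so that anything unexpected is treated as a denial. The URL, the form field names `user` and `pass`, and the plain-text `yes`/`no` body are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Response;

# Hypothetical intranet endpoint that runs the AD test and prints "yes" or "no".
my $CHECK_URL = 'https://intranet.example.internal/adcheck';

# Interpret the intranet page's reply. Only a 200 response whose body is
# exactly "yes" counts as success; everything else fails closed.
sub parse_answer {
    my ($resp) = @_;
    return 0 unless $resp->is_success && $resp->code == 200;
    my $body = $resp->decoded_content // '';
    $body =~ s/^\s+|\s+$//g;
    return $body eq 'yes' ? 1 : 0;
}

# Ask the intranet server to test the credentials against AD.
sub ad_check {
    my ($user, $pass) = @_;
    my $ua = LWP::UserAgent->new(
        timeout           => 10,
        max_redirect      => 0,          # never follow a redirect to another host
        max_size          => 1024,       # the answer is one word; cap what is read
        protocols_allowed => ['https'],  # credentials never travel over plain HTTP
        ssl_opts          => { verify_hostname => 1 },
    );
    # POST keeps the credentials out of the URL and the web server's access log.
    my $resp = $ua->post($CHECK_URL, { user => $user, pass => $pass });
    return parse_answer($resp);
}

# Constructed sample responses, so the parsing can be exercised without a network.
my @samples = (
    [ 'valid login'  => HTTP::Response->new(200, 'OK', [ 'Content-Type' => 'text/plain' ], "yes\n") ],
    [ 'bad password' => HTTP::Response->new(200, 'OK', [ 'Content-Type' => 'text/plain' ], "no\n") ],
    [ 'odd body'     => HTTP::Response->new(200, 'OK', [ 'Content-Type' => 'text/plain' ], "yes, but expired\n") ],
    [ 'server error' => HTTP::Response->new(500, 'Internal Server Error', [], "yes\n") ],
    [ 'redirect'     => HTTP::Response->new(302, 'Found', [ Location => 'http://elsewhere.example/' ], '') ],
);
printf "%-13s => %s\n", $_->[0], parse_answer($_->[1]) ? 'allow' : 'deny' for @samples;
```

HTTPS requests through LWP need the LWP::Protocol::https module installed. Call `ad_check($user, $pass)` from the DMZ application once the intranet page exists.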