Jeff,
Short answer: yes, you can do this.
Some pre-requisites: make sure you're using the latest AD Authentication module (dnnauthad.codeplex.com). It's easier to do this using the 5.x codebase than the 4.x codebase, but either work.
Long answer:
I've done this and it works with some success. I'm using Active Directory forms authentication (Admin -> Extensions -> DNN_ActiveDirectoryAuthentication -> Click the Pencil) as my primary authentication method for my Extranet. In "Auto-Login IP Address," I put my domain subnet (eg - 192.168.0.1 - 192.168.0.254). I saved and restarted the application - not just via the host interface but also recycled the application pool manually. You probably don't have to do the manual recycling, this was my choice.
Internally, I use Group Policy to set a favorite that links to "http://mysite.com/DesktopModules/AuthenticationServices/ActiveDirectory/Windowssignin.aspx". Externally, users go to "http://mysite.com/login.aspx." If you're setting "http://mysite.com" as the home page via GP, you would want to change it to "http://mysite.com/DesktopModules/AuthenticationServices/ActiveDirectory/Windowssignin.aspx". Because "mysite.com" is not the same as my AD domain, I also needed to use GP to set "mysite.com" as a trusted domain for Internet Explorer.
Because the extranet isn't the same as our intranet (intranet is Sharepoint), this has only been a moderate success. Most users are still using the login form. This is due to the fact that many just type in the address when they need to go there. Additionally, this clearly relys on your users using IE internally. About 1/4 of my users do not, so this isn't really even an option for them.