Hi @Edwald Neo
Your question raises a few concerns to start with, as you would expect that you already have controls on who can physically and virtually (VPN) connect to your network.
There are a few options to block access at different levels, the easiest to implement rules at the Windows firewall level of the servers and workstations that will reject connection from uncontrolled networks. You should also implement rules to block unknown\unauthorized traffic at the network firewall level as well.
You can also block specified IP addresses from performing ldap queries against the DCs - https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/47e2d581-66c9-430b-bca1-c0a73485fd10
Gary.