Hello 2AI,
Thank you for posting in the Microsoft Community forum.
1. What security measures can be applied to a domain controller which has the PDC emulator?
A1: Usually, you do not need to apply any other security protection measures on only the PDC.
2. What network restrictions and group policy can be applied further on this PDC emulator domain controller than on the first domain controller and other domain controllers? Such as blocking 443, 80, 53, and only allowing specified ports for the PDC emulator? Do all domain controllers need endpoint encryption?
A2: Group policy settings on all DCs (including the PDC) are the same, because they will replicate through AD replication and SYSVOL replication.
There is no specific network restriction on this PDC emulator domain controller.
For securing AD or DCs, you can read the links below.
Best Practices for Securing Active Directory | Microsoft Learn
Securing Domain Controllers Against Attack | Microsoft Learn
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou