To ensure the same level of security in your AD-throughout your organization, you need to have a security baseline for your AD and your Domain Controllers (DC). Whilst the security baseline has to be in line with your organizational security policy, there are several things that you should consider implementing.
The default Domain Security Policy contains default values that are quite relaxed for most organizations. You should definitely change some of them.
As per Microsoft's recommendations (see: http://technet2.microsoft.com/windowsserver/en/library/cae0e49c-7929-4c94-be3a-ea6a63f09b6e1033.mspx for more information), you should at least change the password policy, the Account Lockout Policy, and the Kerberos Policy, all of which can be found in the Default Domain Security Settings under Account Policies, as shown in the following screenshot:
Strengthening an AD through password and Kerberos settings might not seem directly related. However, with proper password...