In light of having to deal with the Conficker virus, I would like to harden my Domain Controllers for best practices. I'm rebuilding one of them and would like to apply the best practices in deploying. I would like any suggestions for best practices, such as locking the unneeded services down/turning them off, and ports open/closed. Windows updates are fully patched; this will help a lot, as the infected DC was not fully patched.
DC1 - Serves DNS requests, DHCP and WSUS (soon to be removed).
DC2 - Backup DC (Being rebuilt). It will be replicating DNS and AD of course.
DC3 (across the L2L WAN link) - Serves DNS and DHCP.
Any suggestions would be greatly appreciated.