Active directory Patch Update best practise

I use WSUS which is a great way to manage patches, as it can be scheduled to suit your requirements.

http://www.microsoft.com/en-gb/download/details.aspx?id=5216

Thank you for your information  . I am adding one AD related issue on going  . most of the times PC s that are removed from the network due to OS or hardware issue not disconnecting from the AD . how can I get the PCs that are not in the network due to that reason , how can I get recognized  

And  also my AD objects move from one place to another will take longer time to visible from the AD level .

Some of the PCs already indicating the membership from the client end  . but there is no record in the AD level

DO you know any method to check the required licenses in the network . Any script based utility to manage the right numbers

AD does not keep license information in database and the license system with Microsoft is based on honor system.  Better get a system or at least a spreadsheet setup.

Can I refresh the AD changes manually . same like GPO policy ? there is a countable delay in the AD level

All our servers in the same site  . Any recommended practice for physical and virtual  ? like at least one physical server running AD recommended

It is a good idea to have one physical DCs if everything else will be virtualized.  In virtualization world (Hyper-V, v-Center, etc.), all tend to rely on LDAP authentication which is in most cases is AD.  If you are using VMware, you could get away where you could logon to each server directly instead of vCenter and start your DC in an event where the VMs didn't start correctly.

this is Microsoft . how can I go with the time setting  . 2ads one is GC server .

I've requested that this question be closed as follows:

Accepted answer: 500 points for kola12's comment #a40796101

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.