To virtualize the PDCe or not to virtualize the PDCe…
The question isn’t can you, but should you virtualize the Primary Domain Controller emulator (PDCe) FMSO role holder. And of course, the answer is, ‘It depends’. Of course it does, why wouldn’t it be black or white? Because there are too many options to consider. Finding the PDCe: There are a few different ways to
No longer expire your passwords
The world is always changing and the password expiring value is one that recently was updated. Microsoft has updated the stance around expiring passwords: https://blogs.technet.microsoft.com/secguide/2019/05/23/security-baseline-final-for-windows-10-v1903-and-windows-server-v1903/ The short answer is, only the expiring portion of the password policy is being discussed. You way want to still expire passwords, but with technologies like Windows Hello, the world
Exchange and network ports
Q: Can network ports be restricted between Exchange servers within an environment? A: No. We continue to receive the question about putting firewalls in between Exchange servers. It’s a bad idea, so don’t do it. However, if your security team says you must do it, then we do have guidance available: https://blogs.technet.microsoft.com/exchange/2013/02/18/exchange-firewalls-and-support-oh-my/ The short answer