What specific requirements would you specify to harden Active Directory Domain Services (AD DS) in a large enterprise environment that faces frequent cyber threats?