As a cybersecurity architect tasked with hardening Active Directory Domain Services (AD DS) in a large organization, you must consider multiple security measures to protect against potential threats. The organization operates in a highly regulated industry, requiring strict compliance with data protection standards. Additionally, the solution must balance security with usability to ensure that employees can perform their duties without unnecessary restrictions. Which of the following measures should be prioritized in your AD DS hardening requirements to meet these objectives? (Choose one.)