Use the Netlogon.log file and Log Analytics to be alerted to clients that do not have a subnet for

Upgraded Domain Controller to Windows Server 1809.

Script to monitor the time sync across domain controllers.

Deploying Windows Admin Center in a high availability configuration, all hosted in Azure IaaS.

Taking a look at protecting Active Directory with Microsoft Banned Passwords.

A little introduction to Advanced Threat Analytics/Azure Advanced Threat Protection.

Details for upgrading Windows Server 1709 to Windows Server 1803