In addition to the monthly security patches from Microsoft, some hotfixes are worth applying on Windows 2008 R2 servers, and in particular on Domain Controllers.
First of all, there’s the enterprise rollup package, which is available in the Microsoft Catalog but is not available to Update Services by default. Note that revisions of this article mention regression issues, and that three additional msu files must be installed after this package.
Secondly, for any DFS-R machine, including the domain controllers as far as SYSVOL replication is concerned, you should align your auto-recovery policy in case of corruption with the new recommended default that Microsoft applies starting with Windows 2012: this means installing this hotfix and creating a registry key. Be careful: for once, the key StopReplicationOnAutoRecovery must be set to 0. You may want to create a Group Policy preference and link it to your Domain Controller OU.
Note that for DFS-related hotfixes, for both namespaces and replication, there’s a knowledge base article that should not be missed, as it gives the latest recommendation.
Your Domain Controller is probably also a DNS Server. In this case, this hotfix may be useful, as it contains one of the latest versions of dns.exe. Speaking of DNS, you may have heard of this problem of top-level domain resolution. It is not related to Microsoft’s implementation, but a Group Policy object linked to your Domain Controllers may also help.