As the service account has Domain Admin privilege, can we implement logon restriction to the service account to few specific DC's and any related ER app and Database servers without break the ER application functionality?
解决办法
In general, if ER components can connect to any available DC, then it should work without breaking. Then you can implement the logon restriction on ER service account.