what is the official word on creating IP sec between domain controllers? Are
there best practices? Should we even do this if all the DC are not separated
by Firewalls? I'm having some challenges trying to convince management NOT
to want IPSEc among all DC's and Exchange servers in our environment...

Unless we cross firewalls, should DC to DC have IPSEC? is it worth the