MicrosoftThe Default Domain Policy and the Default Domain Controllers Policy are spesial GPOs with special GUIDs. They should not be unlinked, disabled or deleted.
The MSFT Windows Server 2022 - Domain Security contains little more than the Default Domain Policy, and I usually run the command below instead of importing this GPO. This modifies the Default Domain Policy.
Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).Forest -MinPasswordLength 14 -LockoutDuration 00:15:00 -LockoutThreshold 10 -LockoutObservationWindow 00:15:00
The MSFT Windows Server 2022 - Domain Controller contains a lot more settings than the Default Domain Controllers Policy and some settings are conflicting, so I personally link this to the Domain Controllers OU and change the link order. But I've also seen some configurations where the Default Domain Controllers Policy has been modified with each setting.