To set up Active Directory user logon restrictions, the following steps should be taken:

1. Create security policies, which include enforcing a specific password length, length of time between password changes, and expiration date of user passwords.
2. Implement authentication tools, such as biometric technology or time-based access to user accounts.
3. Enforce user accounts with multi-factor authentication.
4. Audit user behavior regularly to identify suspicious activity.
5. Provide secure logon to all users, by using multi-factor authentication or password algorithms.