When installing Active Directory on a Windows Server 2012 R2 machine, you get this warning:
Windows Server 2012 R2 domain controllers have a default for the security setting named “Allow cryptography algorithms compatible with Windows NT 4.0” that prevents weaker cryptography algorithms when establishing security channel sessions.
For more information about this setting, see Knowledge Base article 942564…
It is safe to ignore this warning, but if you want to increase the security of your AD environment you can go into group policy and disable Allow cryptography algorithms compatible with Windows NT 4.0. Doing so may cause issues communicating with Windows Server 2003 and prior operating systems.