Assessment Test warning messages
The following table describes warning messages that can occur during assessment tests. These warnings represent recommendations for optimal configuration but do not prevent hybrid directory setup.
Test name |
Short name |
Warning code |
Warning message |
Description |
Resolution |
---|---|---|---|---|---|
Domain Health Tests |
|
|
|
Occurs if there are user accounts in your self-managed AD that have not logged in for an extended period and may be considered stale or inactive. |
Clean up stale user accounts. |
Domain Controller Time Source Test |
|
|
|
Occurs if self-managed AD has the correct time source setup and that there is no large time skewness when compared to a Amazon time source. |
Your primary domain controller (PDC) time server is directed to
|
Free Space Test |
|
|
|
Occurs if your self-managed AD Combined NTDS and Sysvol usage is above supported quota. |
Your self-managed AD should have 24 GB of disk space for hybrid directories. |
S channel SSP Test |
|
|
|
Occurs if a self-managed AD does not use TLS1.2 and AES256 encryption. |
Your self-managed AD must use TLS 1.2 and AES256 for hybrid directories. |
Disk Corruption Test |
|
|
|
Occurs if there is disk corruption on your self-managed AD. |
Your self-managed AD disks should not be corrupted. |
Domain Controller Specs Test |
|
|
|
Occurs if your self-managed AD domain controllers don't meet the required specifications. |
Your self-managed AD domain controllers should have at least 7 GB RAM and 2 CPU cores for hybrid directory. |
Server Level Plugin Dll Test |
|
|
|
Occurs if ServerLevelPluginDll is set on your self-managed AD domain controllers. |
Your self-managed AD domain controllers should not have ServerLevelPluginDII configured. |
Allow NT4 Crypto Test |
|
|
|
Occurs if self-managed AD allows NT4 Cryptography. |
Your self-managed AD should not use NT4 Cryptography. For more information, see Microsoft documentation. |
Orphaned Admin Users Test |
|
|
|
Occurs if orphaned admin users exist in your self-managed AD. |
Remove orphaned users on your self-managed AD before continuing. |
Privileged User Count Test |
|
|
|
Occurs if the total count of your Built-in Admins, Domain Admins,and Enterprise Admins on your self-managed AD a is greater than 5. |
Your self-managed AD environment should not have multiple privileged accounts. You should remove excessive admin accounts before continuing. |
Privileged User Count Test |
|
|
|
Occurs if the total count of your Built-in Admins, Domain Admins,and Enterprise Admins on your self-managed AD a is greater than 5. |
Your self-managed AD environment should not have multiple privileged accounts. You should remove excessive admin accounts before continuing. |
Privileged User Count Test |
|
|
|
Occurs if the total count of your Built-in Admins, Domain Admins,and Enterprise Admins on your self-managed AD a is greater than 5. |
Your self-managed AD environment should not have multiple privileged accounts. You should remove excessive admin accounts before continuing. |
NTLM Test |
|
|
|
Occurs if NTLMv1 is enabled for authentication on your self-managed AD. |
NT LAN Manager version 1 (NTLMv1) has known security
vulnerabilities and should not be used. Disable NTLMv1 on your
self-managed AD. For more information, see Microsoft documentation |
Tombstone Lifetime Test |
|
|
|
Occurs if the Tombstone lifetime on your self-managed AD is more than 180 days. |
The Tombstone lifetime is the number of days before a deleted
object is removed from AD. The Tombstone lifetime value for your
self-managed AD should be 180 days or less. For more information,
see Microsoft documentation |