Overview
You may have noticed the following log entries present in the OpenDNSClientAudit.log:
7/10/2023 3:01:36 PM: DN not found! for IP: X.X.X.X, User: POD1234$
These entries can look concerning, but rest assured they are normal and in no way indicative of a problem with your AD Connector.
Cause
The Connector is functioning as designed; this is not an actual problem or error, but we do log it regardless.
Technical Details
When the Connector server reads event logs on all registered DCs, we are looking for logon events from actual users. We do not care about logons from machine names, as they are not valid users. For accuracy, when we read a new logon event we go back to AD and validate that the user exists before creating a user-to-IP mapping. In the case of a machine name logon, the DN will not be a user DN; it will be a machine name DN.
All machine name logons have a trailing $ at the end of the name, as you see in the example log entry above. The User: POD1234$ is not a valid username, so we don't want to create a user-to-IP mapping for that user. The log entry is saying that a valid user DN was not found, so we are ignoring that log entry rather than creating a new user-to-IP mapping.
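To confirm that the "DN not found!" entries in your own log are all machine-account logons, the following Python script separates entries whose user ends in $ from any others. It is an added example, not part of the original article or the Connector's own code. The sample lines, the month/day timestamp order and the `triage` function name are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Layout taken from the example entry in this article:
#   <M/D/YYYY h:mm:ss AM|PM>: DN not found! for IP: <ip>, User: <name>
ENTRY = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M): "
    r"DN not found! for IP: (?P<ip>[^,]+), User: (?P<user>.+?)\s*$"
)

# Constructed sample lines (documentation IPs, made-up names), not real log data.
SAMPLE_LOG = """\
7/10/2023 3:01:36 PM: DN not found! for IP: 192.0.2.10, User: POD1234$
7/10/2023 3:01:52 PM: DN not found! for IP: 192.0.2.11, User: POD5678$
7/10/2023 3:02:07 PM: DN not found! for IP: 192.0.2.10, User: POD1234$
7/10/2023 3:04:19 PM: DN not found! for IP: 192.0.2.44, User: jdoe
7/10/2023 3:05:00 PM: some other connector message
"""

def triage(text):
    """Split 'DN not found!' entries into machine accounts and everything else."""
    machine = Counter()   # machine name -> number of skipped logon events
    other = []            # (timestamp, ip, user) for names without a trailing $
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a 'DN not found!' entry
        # Assumption: the date is month/day/year, as in the article's example.
        when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        user = m["user"]
        if user.endswith("$"):
            machine[user] += 1   # machine logon, ignored by design
        else:
            other.append((when, m["ip"], user))
    return machine, other

if __name__ == "__main__":
    machine, other = triage(SAMPLE_LOG)
    print("Machine-account entries (expected):")
    for name, count in machine.most_common():
        print(f"  {name}: {count}")
    print("Entries not explained by the trailing $ rule:")
    for when, ip, user in other:
        print(f"  {when:%Y-%m-%d %H:%M:%S}  {ip}  {user}")
```

Replace `SAMPLE_LOG` with the contents of your own OpenDNSClientAudit.log. Entries in the second list are not covered by the explanation in this article.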