browse
Overview
You may notice the following log entry present in the OpenDNSClientAudit.log:
7/10/2023 3:01:36 PM: DN not found! for IP: X.X.X.X, User: POD1234$
Rest assured these entires are normal and in no way indicative of a problem with your AD Connector.
Cause
This behavior is intentional and not indicative of an issue or error, although it is still recorded in our logs.
Technical Details
When the Connector server reads event logs on all registered DCs, we are looking for logon events from actual users. Logons from machine names are disregarded as they are not valid users. For accuracy when we read a new logon event before creating a user to IP mapping, we go back to AD and validate the user exists. In the case of a machine name logon the DN will not be a user DN, it will be a machine name DN.
Similar to the example log entry above, all machine name logons will have a trailing$ at the end of the name. The User: POD1234$ is not a valid username, so we don't want to create a user to ip mapping for that user. The log entry indicates that no valid user DN was found, so rather than generating a new user-to-IP mapping, the system is disregarding the log entry.