Windows Server DHCP server AD logon failures

asked 2022-06-06T15:29:19.143+00:00
Chris M 1 Reputation point

Is it normal for a Windows DHCP server to fail logon attempts back to AD as the DHCP client account?

Possibly part of the dynamic DNS updates maybe?

For example, PC1 gets an IP from DHCPSERVER1. At some point a logon attempt occurs with the account PC1 sourced from DHCPSERVER1 to Active Directory. The logons are failing, but this does not seem to be causing a (obvious) problem.

I could not find anything in MS documentation that would explain the behavior.

I only noticed because one of the alerts created by the Defender for Identity tool was one related to account enumeration, and upon investigating I found it was a DHCP server.

Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
925 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2022-06-06T15:44:15.817+00:00
    Dave Patrick 328.6K Reputation points Microsoft MVP

    Doesn't sound right but not much to go on here. Do you have any more details?