Is it normal for a Windows DHCP server to fail logon attempts back to AD as the DHCP client account?
Possibly part of the dynamic DNS updates maybe?
For example, PC1 gets an IP from DHCPSERVER1. At some point a logon attempt occurs with the account PC1 sourced from DHCPSERVER1 to Active Directory. The logons are failing, but this does not seem to be causing a (obvious) problem.
I could not find anything in MS documentation that would explain the behavior.
I only noticed because one of the alerts created by the Defender for Identity tool was one related to account enumeration, and upon investigating I found it was a DHCP server.