Once the host machine boots up, AD assigns it a role in the domain. The PDP daemon then learns the machine role, and the Identity Awareness database is successfully updated with the machine role. However, resources based only on hostname cannot be accessed until some (any) user logs in and is mapped to the machine.

The desired behavior is that Identity Awareness allows access to resources once the machine boots up, with an access role for machine identity only (any network, any user, identified machine or specific machine), before any user logs in to the machine and is mapped to it.
The PDP daemon learns the machine role from the AD query. However, this identity is not passed along to the PEP daemon as long as no user is mapped to that machine.