DSRM password reset issue.

Khushboo Kumari 20 Reputation points
2025-03-06T12:44:35.48+00:00

Hi everyone,

I am trying to reset the DSRM password, and the command shows that it was successfully set. However, I do not see Event ID 4724 in the event logs for the password reset. Additionally, when I try to log in using .\Administrator, I am unable to log in.

Can someone help me figure out the issue?


Active Directory

1 answer

  1. Daisy Zhou 30,726 Reputation points Microsoft External Staff
    2025-03-07T02:17:01.0266667+00:00

    Hello Khushboo Kumari,

    Thank you for posting in Q&A forum.

    Please check if you can see event ID 4724 in the Security log on the Domain Controller after you reset the password for one domain user on the Domain Controller.


    If you do not see event ID 4724 in the Security log on the Domain Controller after you reset the password for one domain user on the Domain Controller, you need to enable the audit policy on the domain controller by editing the Default Domain Controller Policy object:

    Legacy audit policy: Computer Configuration\Windows settings\security settings\local policies\audit policy\Audit Account Management - Success and Failure

    Or use advanced audit policies (advanced audit policies will overwrite all legacy audit policies by default): Computer Configuration\Windows settings\security settings\Advanced Audit Policy Configuration\Audit Account Management

    Subcategory: Audit User Account Management.


    Then run `gpupdate /force` on the domain controller, and check if you can see event ID 4724 in the Security log on the Domain Controller after you reset the password for one domain user on the Domain Controller.

    If so, please try to reset the DSRM password again to see if you can see event ID 4724 in the Security log on the Domain Controller after you reset the DSRM password.

    If it still does work, or you may need to check the steps you used to reset DSRM in the link below.

    How to reset the Directory Services Restore Mode administrator account password in Windows Server

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/reset-directory-services-restore-mode-admin-pwd

    4724(S, F): An attempt was made to reset an account's password.

    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4724

    Note:

    1. Once you have configured any one of the advanced audit policies, all the legacy audit policies will be overwritten by default.

    2. If you have never configured any advanced audit policy before, then you can configure the legacy audit policy.

    3. If you have configured any advanced audit policy before, then you need to configure the advanced audit policy.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
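The check described in the answer above, as an added example (not part of the original answer and not Microsoft's code): it reads the effective audit setting for the User Account Management subcategory, then lists recent 4724 events with who reset which account. The parameter names, the 24-hour lookback and the English subcategory name are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on the domain controller.
param(
    [int]$EventId = 4724,        # event ID discussed in this thread
    [int]$LookbackHours = 24     # assumption: how far back to search
)

# 1. Effective (applied) audit setting for the subcategory named in the answer.
#    /r prints CSV; the subcategory name assumes an English-language OS.
$csv     = auditpol /get /subcategory:"User Account Management" /r | Where-Object { $_.Trim() }
$setting = ($csv | ConvertFrom-Csv).'Inclusion Setting'
Write-Host "User Account Management auditing: $setting"
if ($setting -notmatch 'Success') {
    Write-Warning "Success auditing is off; successful resets will not write event $EventId."
}

# 2. Is "force subcategory settings to override category settings" enabled?
#    (value 1 means advanced audit policy wins over the legacy category policy)
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
        -Name SCENoApplyLegacyAuditPolicy -ErrorAction SilentlyContinue
Write-Host ("SCENoApplyLegacyAuditPolicy: {0}" -f $(if ($lsa) { $lsa.SCENoApplyLegacyAuditPolicy } else { 'not set' }))

# 3. Recent password-reset events from the Security log.
$filter = @{
    LogName   = 'Security'
    Id        = $EventId
    StartTime = (Get-Date).AddHours(-$LookbackHours)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Host "No event $EventId found in the last $LookbackHours hours."
    return
}

$report = foreach ($e in $events) {
    # Flatten the <EventData> name/value pairs into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        ResetBy     = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        Target      = '{0}\{1}' -f $data.TargetDomainName,  $data.TargetUserName
        Outcome     = $e.KeywordsDisplayNames -join ', '   # Audit Success / Audit Failure
    }
}
$report | Sort-Object TimeCreated | Format-Table -AutoSize
```

Run it once after resetting a test domain user's password to confirm auditing works, then again after the DSRM reset.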

