Hello
Thank you for your question and reaching out. I can understand you are having query related to Event logs.
You need to enable Advanced Audit log policy for AD object created\modified\deleted\accessed
Create a new GPO.
Click Edit and navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies. Under Audit Policies, you'll find specific settings for Logon/logoff and Account Logon.
Logon/logoff:
Audit Logon > Define > Success and Failure.
Audit Logoff > Define > Success.
Audit Other Logon/Logoff Events > Define > Success.
Account Logon:
Audit Kerberos Authentication Service > Define > Success and Failure.
------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--