Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,635 questions
Unable to correlate Password Reset Event with Logon Event via Logon ID
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 59%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
TheGrea
11
Reputation points
Hi Community,
If I reset an AD Users password via the dsa.msc console I'm unable to correlate the Logon ID in the 4724 Password Reset Event with an associated 4624 Logon Event. The only events I can correlate with the Logon ID are 4634 Logoff and 4672 Special Logon.
Interestingly if I reset an AD Users password via ADSI Edit, the net user or the Powershell Set-ADAccountPassword command I can perfectly correlate the 4724 Event with an 4624 Event via the Logon ID.
This behavior can be reproduced on a domain controller installed/promoted from scratch. Tested with Server 2016 & 2022
Has anybody else experienced this behavior?
Best regards
Alex
{count} votes
-
Carlos Solís Salazar 17,791 Reputation points MVP2022-07-25T14:07:38.107+00:00 Thank you for asking this question on the **Microsoft Q&A Platform. **
You have not received answers or comments to your question because it may be ambiguous or confusing.
I recommend you visit How to write a quality question and verify that your question meets some of the recommendations.
Hope this helps,
Carlos Solís Salazar----------
NOTE: To answer you as quickly as possible, please mention me in your reply.
Sign in to comment