Unable to correlate Password Reset Event with Logon Event via Logon ID
Hi Community,
If I reset an AD Users password via the dsa.msc console I'm unable to correlate the Logon ID in the 4724 Password Reset Event with an associated 4624 Logon Event. The only events I can correlate with the Logon ID are 4634 Logoff and 4672 Special Logon.
Interestingly if I reset an AD Users password via ADSI Edit, the net user or the Powershell Set-ADAccountPassword command I can perfectly correlate the 4724 Event with an 4624 Event via the Logon ID.
This behavior can be reproduced on a domain controller installed/promoted from scratch. Tested with Server 2016 & 2022
Has anybody else experienced this behavior?
Best regards
Alex