Event ID 4723 - An attempt was made to change an account's password
|Sub category||User account management|
|Description||An attempt was made to change an account's password|
When a user attempts to change an account's password, event ID 4723 gets logged.
This log data gives the following information:
|Subject: User who performed the action||Security ID
|Target Account: User account for which the password change was attempted||Security ID
Why event ID 4723 needs to be monitored?
- Prevention of privilege abuse
- Detection of potential malicious activity
- Operational purposes like getting information on user activity like user attendance, peak logon times, etc.
- Compliance mandates
ADAudit Plus makes Active Directory auditing very easy by tracking Password Status Changes for Users like password set or changed and account locked out/unlocked details with the help of pre-defined reports and instant alerts.
Event 4723 applies to the following operating systems:
- Windows Server 2008 R2 and Windows 7
- Windows Server 2012 R2 and Windows 8.1
- Windows Server 2016 and Windows 10
Corresponding event ID for 4723 in Windows Server 2003 and older is 627