Event ID: 4781The name of an account was changed
The name of an account was changed: Subject: Security ID: %5 Account Name: %6 Account Domain: %7 Logon ID: %8 Target Account: Security ID: %4 Account Domain: %3 Old Account Name: %1 New Account Name: %2 Additional Information: Privileges: %9
This event generates every time a user or computer account name (sAMAccountName attribute) is changed.
For user accounts, this event generates on domain controllers, member servers, and workstations.
For computer accounts, this event generates only on domain controllers.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"User Account Management"
LEFT/RIGHT arrow keys for navigationBack to List