User Password Changes are not appearing in Search or Report results.
By default User Password Change auditing is disabled.
This functionality can be easily enabled by navigating to the following file location:
“C:\Program Files (x86)\Netwrix Auditor\Active Directory Auditing\omitproplist.txt”
Open the “omitproplist.txt” and find the entry of *.PasswordChanged and comment it out with a pound/hash sign (#), like so #*.PasswordChanged
When you save the omit list, you will need to have either opened Notepad as Admin or choose to save the file to the desktop and then drop/replace as admin, otherwise you will receive an “Access is Denied” when trying to save the file.
All future User Password Changes will now be audited by Netwrix Auditor.