As a CA Admin, I would like to be able to audit changes to the DSRM password (Directory Services Restore Mode)
说明
When AD is installed on Windows Server and during the promotion process for the domain controller, the install wizard prompts the administrator to choose a DSRM password. This password provides the administrator with a backdoor to the database in case something goes wrong later on. The password is also essential for performing maintenance and recovery tasks in DSRM.
If admins forget or lose the DSRM password, they can change it by using the NTDSutil command-line tool. DSRM password changes correlate to event id 4794 in the Windows Event Log.
解决办法
Enhancement Request # 469799 has been created for a future release of Change Auditor
