Audit Monitoring - Domain Controller

You can create a group policy targeting your domain controllers to enable Security Audit, specifically "Audit account management", you can find the documentation about these events here: https://video2.skills-academy.com/en-us/windows/security/threat-protection/auditing/basic-audit-account-management

So, you need to configure auditing under Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy.

Yes we tried this option but still the local computer audit information is not stored in the domain controller.

Only changes on Domain Controller is getting stored. Please let me know if there is any other way we can monitor this

Hi,
Based on my understanding, even the changes were made from the workstation ,the events for the account management should be also logged on the DCs.
Even we manage the accounts from the workstations, the opteration should by done by connect to the DCs.

I also did a test : i try to change password and create new user accounts through RSAT from the workstation, the management events were logged on the DCs.

So i would recommend you check if the the audit policy was on the DCs by :

Configure the settings to success and failure through the Advanced Audit Policy.

Then run gpupdate /force on the DC and run command :gpresult /h to confirm if the policy was applied successfully.