• How to audit password changes for accounts in an AD domain?

    1. Enable auditing of account management in Group Policy:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy
    - Audit account management


    2. After that, you'll need to run:

    C:\> gpupdate /force

    When a user changes their password, you will find the following security event (event ID 627) in the Security log of the domain controller that processed the change:

    For example, the test account is pwdchgtst:
    ========================
    事件類型: 稽核成功

    事件來源: Security

    事件類別目錄:  帳戶管理

    事件識別碼:     627

    日期:             2010/9/6

    時間:             下午 04:42:12

    使用者:          DomainName\pwdchgtst

    電腦:      DCName

    描述:

    嘗試變更密碼:

    目標帳戶名稱:  pwdchgtst

    目標網域: DomainName

    目標帳戶 ID:    DomainName\pwdchgtst

    呼叫者名稱:     pwdchgtst

    呼叫者網域:     DomainName

    呼叫者登入 ID: (0x0,0x84E2D19)

    特殊權限: -

    請在 http://go.microsoft.com/fwlink/events.asp 查看說明及支援中心,以取得其他資訊。
    ========================
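Once the policy is in place, the events can be reviewed from Windows PowerShell. The script below is an added example, not part of the original post: it lists the 627 events since a given time and flags the ones where the caller is a different account from the target. It assumes the event's ReplacementStrings follow the field order shown in the event text above, that DCName is replaced by your domain controller, and that it runs as an administrator in Windows PowerShell (Get-EventLog is not available in PowerShell 7).

```powershell
# Added example, not from the original post. Lists password-change attempts
# (event ID 627 on Windows 2000/2003 domain controllers) and marks those where
# the caller is not the target account. Assumption: the ReplacementStrings of
# event 627 are in the same order as the fields displayed above (target name,
# target domain, target SID, caller name, caller domain, caller logon ID,
# privileges). On Windows Server 2008 and later the equivalents are events
# 4723 (change) and 4724 (reset), whose field order differs.
param(
    [string]$ComputerName = 'DCName',            # DC name from the example above
    [datetime]$After = (Get-Date).AddDays(-1)    # how far back to look
)

# Filter on EventID after retrieval: for Security log entries this is the
# 16-bit ID shown in Event Viewer (627), independent of InstanceId qualifiers
$entries = Get-EventLog -LogName Security -ComputerName $ComputerName -After $After -ErrorAction Stop |
    Where-Object { $_.EventID -eq 627 }

foreach ($e in $entries) {
    $rs = $e.ReplacementStrings
    if ($rs.Count -lt 6) { continue }            # unexpected message layout; skip it
    $target       = $rs[0]
    $targetDomain = $rs[1]
    $caller       = $rs[3]
    $callerDomain = $rs[4]

    # SuccessAudit: the change went through. FailureAudit: rejected, e.g. wrong old password
    $outcome = if ($e.EntryType -eq 'SuccessAudit') { 'success' } else { 'failure' }
    # A caller that differs from the target means another account changed this password
    $kind = if ($caller -eq $target) { 'self-change' } else { 'changed-by-other' }

    New-Object PSObject -Property @{
        Time    = $e.TimeGenerated
        Outcome = $outcome
        Kind    = $kind
        Target  = "$targetDomain\$target"
        Caller  = "$callerDomain\$caller"
        LogonId = $rs[5]
    }
}
```

Pipe the output to Format-Table or Export-Csv to keep a record; a burst of failure entries for one target is the pattern worth looking at first.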

  • W2K3 VMs on Hyper-V frequently log W32Time time synchronization error events 24, 29 and 38

    This symptom is a known issue when a VM runs on Hyper-V; please follow the steps below to fix the problem.

    Resolution
    ===========
    Before performing the steps below, shut down the VM first:

    1) Open the Hyper-V Manager.
    2) Click on Settings.
    3) Click on Integration services.
    4) Uncheck the "Time Synchronization" option.
    5) Reboot the problem server (VM).
    After the reboot, Event Viewer logs W32Time event ID 37, which confirms that time synchronization with the time provider is successful.
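To confirm the fix from inside the guest rather than waiting for the event to appear, the following added example (not from the original post) forces a W32Time resync and reads the newest W32Time state event from the System log. It assumes administrator rights in the guest and that w32tm /resync is available (Windows Server 2003 and later).

```powershell
# Added example, not from the original post. Run inside the W2K3 guest after the
# Hyper-V Time Synchronization integration service has been unchecked and the VM
# rebooted: it forces a W32Time resync and then reads the newest W32Time state
# event from the System log. Event 37 = receiving valid time from the provider
# (the outcome the text describes); 24, 29 or 38 = the problem is still present.
# Assumes administrator rights; w32tm /resync exists on Windows Server 2003+.
& w32tm.exe /resync /nowait | Out-Null
Start-Sleep -Seconds 30        # allow W32Time to contact its source and log the result

# Get-EventLog returns newest entries first, so the first match is the current state
$last = Get-EventLog -LogName System -Source W32Time -Newest 200 |
    Where-Object { 24, 29, 37, 38 -contains $_.EventID } |
    Select-Object -First 1

if ($null -eq $last) {
    "No W32Time state event (24/29/37/38) among the last 200 W32Time entries; check w32tm /monitor"
} elseif ($last.EventID -eq 37) {
    "OK: event 37 at $($last.TimeGenerated); W32Time is receiving valid time from its provider"
} else {
    "Still failing: event $($last.EventID) at $($last.TimeGenerated)."
    "Confirm Time Synchronization is unchecked in the VM's Integration Services and that the guest can reach its time source."
}
```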

  • Pre-Windows 2000 account names cannot exceed 20 characters. Is this a system limit, and can it be adjusted?

    The 20-character limit on the User logon name (pre-Windows 2000) is a design decision for compatibility with earlier versions, and the length limit cannot be changed. The workaround is to log on with the User logon name (User Principal Name). See the explanation and recommended practice below:

    Explanation
    ===========
    Note that in a Windows 2000 or later domain, each user has two logon names: the UPN (user principal name) and the sAMAccountName.

    If you open the properties of a user in Active Directory Users and Computers and go to the Account tab, you will see:
    User logon name: username@domain.com (this is the UPN.)
    User logon name (pre-Windows 2000): domainNetbiosName\username (this is the sAMAccountName.)
    Both names can be used to log on. At the logon box, you can either enter the sAMAccountName and select the domain, or enter the UPN directly without selecting a domain.

    In addition, the user name in the sAMAccountName can differ from the user name in the UPN. However, both the sAMAccountName and the UPN must be unique in the domain.
    The user name part of a UPN can be longer than 20 characters, but a sAMAccountName cannot.

    The sAMAccountName is kept for backward compatibility with pre-Windows 2000 servers; its maximum length is 20 characters because of LAN Manager and pre-Windows 2000 operating system compatibility. This is by design and cannot be changed.
    What about using a long name for the UPN but a short name for the sAMAccountName?
    For example, when you add a user, you may use the UPN
    123456789012345678901234567890@domain.com.

    Meanwhile, the sAMAccountName will be domain\12345678901234567890.

    At the logon box, you can use either 123456789012345678901234567890@domain.com or 12345678901234567890 to log on.


    More Information
    ================

    - Active Directory naming
    http://technet.microsoft.com/en-us/library/cc739093(WS.10).aspx

    User accounts
    In Active Directory, each user account has a user logon name, a pre-Windows 2000 user logon name (security account manager account name), and a UPN suffix. The administrator enters the user logon name and selects the UPN suffix when creating the user account. Active Directory suggests a pre-Windows 2000 user logon name using the first 20 bytes of the user logon name. Administrators can change the pre-Windows 2000 logon name at any time.

    - Configure User and Resource Mailbox Properties
    http://technet.microsoft.com/en-us/library/bb124255.aspx

    User logon name (pre-Windows 2000)   Use this box to type a user name that is compatible with legacy versions of Windows (prior to the release of Windows 2000 Server). The user logon name for a version of Windows earlier than Windows 2000 Server can't exceed 20 characters and can't contain any of the following characters: \/ [] : | <> + = ; ? , *.

    When the user account is first created, this field is automatically populated based on the User logon name (User Principal Name) field.
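The following added example (not from the original post or the TechNet articles) turns the rules above into a check an administrator can run before creating an account: it derives the pre-Windows 2000 name from a UPN by cutting the prefix to 20 characters, validates the length and the forbidden characters quoted above, and verifies that the name is not already used in the domain. It assumes a domain-joined machine for the ADSI search; the TechNet text says "20 bytes", and truncating characters matches that only for ASCII names.

```powershell
# Added example, not from the original post. Derives the pre-Windows 2000 logon
# name from a UPN as the text describes (UPN prefix cut to 20 characters) and
# checks it against the limits quoted above: at most 20 characters and none of
# \ / [ ] : | < > + = ; ? , *. The uniqueness check searches the current domain
# via ADSI and assumes a domain-joined machine. Assumption: character-based
# truncation, which equals the documented "20 bytes" only for ASCII names.
function New-PreWin2000Name {
    param([Parameter(Mandatory=$true)][string]$UserPrincipalName)
    $prefix = $UserPrincipalName.Split('@')[0]
    if ($prefix.Length -gt 20) { $prefix.Substring(0, 20) } else { $prefix }
}

function Test-SamAccountName {
    # Returns a list of problems; an empty list means the name is acceptable
    param([Parameter(Mandatory=$true)][string]$Name)
    $problems = @()
    if ($Name.Length -eq 0)  { $problems += 'name is empty' }
    if ($Name.Length -gt 20) { $problems += "too long: $($Name.Length) characters, maximum is 20" }
    $bad = [regex]::Matches($Name, '[\\/\[\]:|<>+=;?,*]') | ForEach-Object { $_.Value }
    if ($bad) { $problems += "illegal characters: $(($bad | Select-Object -Unique) -join ' ')" }
    return ,$problems
}

function Test-SamAccountNameUnique {
    # $true when no object in the current domain already uses this sAMAccountName
    param([Parameter(Mandatory=$true)][string]$Name)
    # Escape LDAP filter metacharacters (backslash first so later escapes stay intact)
    $escaped = $Name.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(sAMAccountName=$escaped)"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    return ($null -eq $searcher.FindOne())
}

# Walk through the 30-character example from the text
$upn = '123456789012345678901234567890@domain.com'
$sam = New-PreWin2000Name $upn                     # 12345678901234567890
$issues = Test-SamAccountName $sam
if ($issues.Count -gt 0) {
    "Rejected pre-Windows 2000 name '$sam': $($issues -join '; ')"
} elseif (-not (Test-SamAccountNameUnique $sam)) {
    "'$sam' is already used in this domain; choose a different pre-Windows 2000 name"
} else {
    "OK: log on as $upn or as DOMAIN\$sam"
}
```

Because truncation keeps only the first 20 characters, two long UPNs that share a prefix collide on the pre-Windows 2000 name, which is exactly what the uniqueness check catches.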

  • How to renew the certificate on a Windows 2003 web server?

    Phase 1:

    Open the IIS console and go to Directory Security. First view the current certificate, then export it together with its private key as a backup.

    After the backup export is complete, click [Server Certificate].

    The Web Server Certificate Wizard opens; click [Next].

    Select [Renew the current certificate] and click [Next].

    Select [Prepare the request now, but send it later] and click [Next].

    Give the certificate request a file name and path, then click [Next].

    Confirm the creation of the [request file] and click [Next].

    The certificate request file has been created; click [Finish].

    Phase 2:

    Use IE to browse to the CA web enrollment pages and request the renewed server certificate.

    Browse to your CA server and click [Request a certificate].

    Click [Advanced certificate request].

    Paste the contents of the [request file] generated in Phase 1 into the Base-64-encoded request field, then click [Submit].

    After submitting, click [Download certificate].

    Save the certificate and copy it to the web server that made the request.

    Phase 3:

    The Web Server Certificate Wizard opens; click [Next].

    Select [Process the pending request and install the certificate] and click [Next].

    Confirm the SSL port to use and click [Next].

    Confirm the certificate information to be installed and click [Next].

    The web server certificate request is complete; click [Finish].

  • Cannot create a Hyper-V guest OS, or the guest OS is missing from the Hyper-V console after a restart

    You may experience one of the following issues on a Windows Server 2008 system with the Hyper-V role installed or on Microsoft Hyper-V Server 2008:
    - When you attempt to create or start a virtual machine, you receive one of the following errors:
      - The requested operation cannot be performed on a file with a user-mapped section open. (0x800704C8)
      - 'VMName' Microsoft Synthetic Ethernet Port (Instance ID {7E0DA81A-A7B4-4DFD-869F-37002C36D816}): Failed to Power On with Error 'The specified network resource or device is no longer available.' (0x80070037).
      - The I/O operation has been aborted because of either a thread exit or an application request. (0x800703E3)
    - Virtual machines disappear from the Hyper-V Management Console

    Cause

    This issue can be caused by antivirus software that is installed in the parent partition and the real-time scanning component is configured to monitor the Hyper-V virtual machine files.

    Resolution

    To resolve this issue, configure the real-time scanning component within the antivirus software to exclude the following directories and files:
    - Default virtual machine configuration directory (C:\ProgramData\Microsoft\Windows\Hyper-V)
    - Custom virtual machine configuration directories
    - Default virtual hard disk directory (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)
    - Custom virtual hard disk directories
    - Snapshot directories
    - Vmms.exe
    - Vmwp.exe
    Notes:
    - If virtual machines are missing from the Hyper-V Management console, you must configure the antivirus exclusions, and then restart the Hyper-V Virtual Machine Management service.
    - If the error code was 0x800704C8, it is likely that the virtual machine configuration file was corrupted and the virtual machine may need to be re-created or restored from backup if restarting the Hyper-V Virtual Machine Management service does not resolve the issue.

    Creating or starting a Hyper-V virtual machine on Windows Server 2008 or Microsoft Hyper-V Server 2008 may fail with error: 0x800704C8

    http://support.microsoft.com/default.aspx?scid=kb;zh-tw;961804