These queries show users who own accounts that have been recently enabled. There are several variants of this query, explained below.
Log Set: Active Directory Admin Activity
Event Source: Active Directory
Users with Recently Enabled Accounts
This query shows all users who own accounts that have been enabled in the set timespan. Recommended visualization option is a table (the "Count" column is the total number of events for the target user that have occurred in the selected time range):
Note that you can change the groupby from target_user to source_user to show all users who are responsible for enabling other users, rather than the users who were enabled.
Recently Enabled Accounts
This query shows the accounts, rather than the users, that have been enabled in the set timespan:
Enabled Accounts Trend over Time
To see a trend over time for forced password resets, utilize a count function, a timeline chart, and a longer time range to show the number of forced password resets over time: