Thank you for your responsese.
Yes, Indeed they are sys.database_principlas.
When it comes to expiration. They passwords are set to expire every 365 days. So it should not be a problem.
What I want to know is. Is there a way where we can query something(LIke a DMF or DMV) and find out who chaged the ownership and deleted the users from the theire respective DBs.
I am plannin to create a trace which captures the Audit Change Database Owner Event. But it will only tell us in the future.
Is there any way I can find out what happened in the past.
Regards.