Thank you for your responsese.

Yes, Indeed they are sys.database_principlas.

When it comes to expiration. They passwords are set to expire every 365 days. So it should not be a problem.

What I want to know is. Is there a way where we can query something(LIke a DMF or DMV) and find out who chaged the ownership and deleted the users from the theire respective DBs.

I am plannin to create a trace which captures the Audit Change Database Owner Event. But it will only tell us in the future.

Is there any way I can find out what happened in the past.

Regards.