Audit Security

  • Admingod


    Points: 5606

    Is there a way to find any process or someone who could have removed a Domain login against sql server? Otherwise using server level trigger would be a best option to audit in the future to an event like this? Please advise?

    Thanks in advance!

  • Sue_H

    SSC Guru

    Points: 90260

    It would be in the default trace, depending on how far back you have trace files. Otherwise, yes you would want to use a DDL trigger at the server level to audit dropping the logins.




    Points: 49887

    You could also look at setting up a SQL Server Audit ( and monitor the DATABASE_PRINCIPAL_CHANGE_GROUP and SERVER_PRINCIPAL_CHANGE_GROUP objects.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply