I just fixed an issue for a client where I discovered the SQL login in question was disabled. I forgot (my fault) to check the login data before re-enabling the login, so I think I lost the previous change date for the login.
I did try to go back and restore backups of the master database to a different name in order to see if I could find a backup when the login was enabled, then disabled as of the next day's backup.
I sampled a backup over a week old, then one a few days old, then the backup from this very morning. But the query below never returned the login I found disabled.
select name, is_disabled
where is_disabled = 1
Is there anything else out of the box that might help me find when this login was disabled? I know there is auditing I could add and I'll check to see if another DBA has added that auditing but just curious about
(1) how this data is stored in master
(2) is it incorrect to restore master under a different name on a different server to search for this data?
Thanks for any help.