Collecting the Users Enabled/Disabled SQL logs | Online help - EventLog Analyzer

How to collect the users Enabled/Disabled SQL logs?

  1. The Enable/Disable logs will be recorded in the Event Viewer in the following scenarios:

    1. In SQL Server Management Studio, Security ⇾ Logins ⇾ Right-click on any user ⇾ Properties ⇾ Status ⇾ Login section ⇾ select Disabled/Enabled.

    2. By executing the query ALTER LOGIN <user_name> <ENABLE/DISABLE>. The event should appear in the Event Viewer with ACTION_ID = LGEA for an enable action and ACTION_ID = LGDA for a disable action.

  2. If the logs are not available in the Event Viewer, EventLog Analyzer will not be able to produce SQL reports for enabled/disabled users.

  3. To fix this, check whether "SERVER_PRINCIPAL_CHANGE_GROUP" is present in the "Audit Action Type" of the enabled Server Audit specifications. If it is present, check whether the event logs are being overwritten because of a high volume of events.
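
The check in the last step can also be run as a query against the SQL Server catalog views. This is an added example, not part of the EventLog Analyzer documentation; the specification name Audit_Spec_Placeholder in the commented remediation is hypothetical and must be replaced with a name returned by the query.

```sql
-- For every server audit, list the attached server audit specification,
-- whether both are enabled, where the audit writes its events, and whether
-- SERVER_PRINCIPAL_CHANGE_GROUP is one of the specification's action types.
SELECT
    a.name             AS audit_name,
    a.type_desc        AS audit_destination,      -- APPLICATION LOG, SECURITY LOG or FILE
    a.is_state_enabled AS audit_enabled,
    s.name             AS specification_name,     -- NULL when the audit has no specification
    s.is_state_enabled AS specification_enabled,
    CASE
        WHEN EXISTS (
            SELECT 1
            FROM sys.server_audit_specification_details AS d
            WHERE d.server_specification_id = s.server_specification_id
              AND d.audit_action_name = N'SERVER_PRINCIPAL_CHANGE_GROUP'
        ) THEN 'present'
        ELSE 'MISSING'
    END                AS server_principal_change_group
FROM sys.server_audits AS a
LEFT JOIN sys.server_audit_specifications AS s
       ON s.audit_guid = a.audit_guid
ORDER BY a.name, s.name;

-- Enable/disable events (ACTION_ID = LGEA / LGDA) reach the Event Viewer only
-- from a row where audit_enabled = 1, specification_enabled = 1,
-- audit_destination is APPLICATION LOG or SECURITY LOG, and the last column
-- reads 'present'.

-- Remediation when the group is MISSING. A specification has to be switched
-- off before it can be changed. Audit_Spec_Placeholder is a hypothetical name.
-- ALTER SERVER AUDIT SPECIFICATION [Audit_Spec_Placeholder] WITH (STATE = OFF);
-- ALTER SERVER AUDIT SPECIFICATION [Audit_Spec_Placeholder]
--     ADD (SERVER_PRINCIPAL_CHANGE_GROUP);
-- ALTER SERVER AUDIT SPECIFICATION [Audit_Spec_Placeholder] WITH (STATE = ON);
```

After the specification is corrected, running ALTER LOGIN <user_name> DISABLE followed by ENABLE against a test login should produce one LGDA and one LGEA event.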
