1. Log in to vCenter Server database:
   
   
   • Microsoft SQL Server
     
     
     1. Connect to VCDB via SQL Server Management Studio.
     2. Click New Query.
        
        
   • Oracle
     
     
     1. Connect to VCDB via SQL*Plus. Alternatively, start SQL Developer.
     2. Right-click VCDB connection and click Open SQL Worksheet.
        
        
   • vPostgres
     
   1. Connect to the VMware vCenter Server Appliance console.
   2. Connect to the vPostgres VCDB and run this command:
      
      sudo /opt/vmware/vpostgres/1.0/bin/psql -d VCDB vc
      
2. To find user accounts that were deleted from vCenter Server, run this SQL statement:
   
   select E.EVENT_ID,CREATE_TIME as "UTC TIMESTAMP",USERNAME,ARG_DATA as REMOVED,EVENT_TYPE
   from VPX_EVENT E,VPX_EVENT_ARG A
   where E.EVENT_ID = A.EVENT_ID and EVENT_TYPE = 'vim.event.PermissionRemovedEvent'
   and ARG_DATA not like '%XML%'
   
   
3. To find user accounts that were added to vCenter Server, run this SQL statement:
   
   select E.EVENT_ID,CREATE_TIME as "UTC TIMESTAMP",USERNAME,ARG_DATA as ADDED,EVENT_TYPE
   from VPX_EVENT E,VPX_EVENT_ARG A
   where E.EVENT_ID = A.EVENT_ID and EVENT_TYPE = 'vim.event.PermissionAddedEvent'
   and ARG_DATA not like '%XML%'
   

Note: If these SQL statements do not work, check the vCenter Server Database Retention Policy.

To verify the current Event Database Retention Policy setting:

1. Click Administration > vCenter Server Settings > Database Retention Policy.
2. Check the value in the Events retained for field. Any event beyond number of days mentioned in the Events retained for field is removed.