For the below, you would have to do this on each server in you AlwaysOn group.
You can create a DDL trigger to catch and alert you on CREATE_USER and DROP_USER Events.
[font="Courier New"]
USE [your_database_name];
GO
CREATE TRIGGER CatchUser
ON DATABASE
FOR CREATE_USER, DROP_USER
AS
BEGIN
SET NOCOUNT ON;
DECLARE @x XML = EVENTDATA();
-- INSERT dbo.LoggingTable(Columns)
SELECT
EventType = @x.value('(/EVENT_INSTANCE/EventType)[1]', 'nvarchar(256)'),
UserName = @x.value('(/EVENT_INSTANCE/ObjectName)[1]','nvarchar(256)'),
LoginName = @x.value('(/EVENT_INSTANCE/LoginName)[1]', 'nvarchar(512)'),
StartTime = @x.value('(/EVENT_INSTANCE/PostTime)[1]', 'datetime');
END
[/font]
You can also use the default trace. You just have to create a job to check it every x minutes.
[font="Courier New"]
DECLARE @path NVARCHAR(260);
SELECT @path = REVERSE(SUBSTRING(REVERSE([path]),
CHARINDEX(CHAR(92), REVERSE([path])), 260)) + N'log.trc'
FROM sys.traces WHERE is_default = 1;
SELECT EventType = CASE EventSubClass WHEN 3 THEN 'CREATE_USER'
WHEN 4 THEN 'DROP_USER' END, TargetUserName, LoginName, StartTime
FROM sys.fn_trace_gettable(@path, DEFAULT)
WHERE EventClass = 109 -- Create DB User Event
AND DatabaseName = N'your_database_name'
ORDER BY StartTime DESC;[/font]
You can have the queries above write to a table and then check the table for new entries and send an email or however you want to handle it.