I like that concept. We do have a similar workflow available that I can plug into and alert on changes outside the whitelisted existing admins. Tying down that admin...
Thanks Michael - that approach works fine in normal situation, but doesn't actually protect against this particular usecase as a local windows administrator can simple disable the startup of SQL...
The local admin would have no permissions in SQL at all, until they restart in single user mode, at which point they become a sysadmin. There's no way I am...
Well....there's always a way. The way you are looking for here is exporting it as a bacpac and then importing it into the 2016 server. It's not nearly as nice...