When a user is disabled in the system, their information are uncharacterized, but it is possible to validate who did this action by following these steps:
- Go to Reports → Events → Audit Tracking.
- Select the “User” entity to access the details.
On this screen, it is possible to validate who did the forget user action, and also the moment it was executed and the IP of the machine who did the action.