December 17, 2025 at 11:05 pm
I am trying to create a filter on a SQL Server audit to capture actions of the members of a Windows AD group.
The audit filter allows you to include a filter such as
where server_principal_name = 'domain\user_name'
Using this filter I included a Windows AD group name, but the audit captures nothing.
The audit itself seems sound. If I remove the filter then the audit captures what I want, but for everyone.
Is there a way to filter an audit on the members of a Windows AD group, rather than individual users?
December 18, 2025 at 8:41 am
This was removed by the editor as SPAM
December 18, 2025 at 8:42 am
This was removed by the editor as SPAM
December 18, 2025 at 11:56 am
I'm not sure what you're trying to do here.
You have a SQL Audit, you have an AD Group with members, and you're trying to filter on something, but I'm not clear on if it's the entire group, or you're trying to filter on only a few members of the group?
If you're trying to audit just specific users, then yes, you're going to need to filter on that.
December 18, 2025 at 2:19 pm
The point of filtering on an AD group is to capture the actions of all the members of the group, rather than name specific users.
Viewing 5 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply