SQL Server audit with windows ad group

Question

SQL Server audit with windows ad group

pollando

Newbie

Points: 4
More actions
December 17, 2025 at 11:05 pm

#4701824

I am trying to create a filter on a SQL Server audit to capture actions of the members of a Windows AD group.
The audit filter allows you to include a filter such as
where server_principal_name = 'domain\user_name'
Using this filter I included a Windows AD group name, but the audit captures nothing.
The audit itself seems sound. If I remove the filter then the audit captures what I want, but for everyone.
Is there a way to filter an audit on the members of a Windows AD group, rather than individual users?

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply

jasona.work SSC Guru Points: 50247 More actions · Answer 1

I'm not sure what you're trying to do here.

You have a SQL Audit, you have an AD Group with members, and you're trying to filter on something, but I'm not clear on if it's the entire group, or you're trying to filter on only a few members of the group?

If you're trying to audit just specific users, then yes, you're going to need to filter on that.

pollando Newbie Points: 4 More actions · Answer 2

The point of filtering on an AD group is to capture the actions of all the members of the group, rather than name specific users.

jasona.work SSC Guru Points: 50247 More actions · Answer 3

So by default a SQL Audit will capture ALL activity by all Logins, with no filtering. The filters are for excluding users / particular actions / individual databases (if you set it up at the Instance level.)

Steve Jones - SSC Editor SSC Guru Points: 740440 More actions · Answer 4

I've been looking for a reference. The AIs say that you can't filter on an AD group, only users. That seems like a failing, but one I'm not surprised. I can't see a reference that would verify this.

The workaround suggested is to capture the actions you want and then look for those by members of a group, which would be some code to get a list of members. The other thing is filter with an OR list of the group members.

pollando Newbie Points: 4 More actions · Answer 5

I have been finding examples of filtering on individual principal names but silence on AD groups. It seems like if it was possible I would be able to find documentation or examples.

By testing I found that entering the principal name of an AD group name as a filter does not get results.

I also opened a case with premiere support, maybe they have some other idea.