I am trying to create a filter on a SQL Server audit to capture actions of the members of a Windows AD group.
The audit filter allows you to include a filter such as
where server_principal_name = 'domain\user_name'
Using this filter I included a Windows AD group name, but the audit captures nothing.
The audit itself seems sound. If I remove the filter then the audit captures what I want, but for everyone.
Is there a way to filter an audit on the members of a Windows AD group, rather than individual users?