Thank you for the article, that DDL trigger have made my boss (and me) happy auditing "who did what to the production systems" (or even the dev ones) for a good while now.
I would like to raise a concern, though, about which account you use when creating the trigger (the one that is going to be its owner).
If you use your own Windows account via Windows authentication (and not the sa account, which shouldn't be enabled anyway), and your password expires, the trigger will fail. And you don't want all your DDL commands, like re-indexing to start with, to start failing.
So at the start of the script, I have put EXECUTE AS LOGIN = 'sa', with a corresponding REVERT at the end.
There must be a way to use ALTER AUTHORIZATION as well, but so far I only used option 1.