SQL Server – Track Logins from Specific Active Directory Group


I'm wondering if there is a way to do this in SQL Server. I have an extended event set up to track all user logins from a database with a filter. The way our security is set up, we have Active Directory groups that we give the access to, and when users log in, they are authenticated with their individual Active Directory account based on belonging to the AD group that is granted database permissions.

However, the extended event information only shows that specific user, not the AD group they are authenticating to. For example, if I want to only track logins from DBAs, we have an AD group Company\DBA, and when I log in as a member, I authenticate with my Company\User_ID account. However, in the extended event, I only see filters for the specific user; it doesn't display the Company\DBA AD group I'm authenticating with or give me the option to filter from it. Anyone know how to show and filter off of that AD group instead?

Best Answer

You cannot filter on the AD group. This previous question explains how the access management works with AD groups:
How to tell which windows group login I used when logging in via windows authentication
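
Since the Extended Events predicate cannot reference the AD group, one option is to resolve group membership after capture and join it to the recorded logins. The following T-SQL is an added example, not part of the original answer: the file-target path is a placeholder, and it assumes the session collects the `sqlserver.server_principal_name` action on the `login` event; `Company\DBA` is the group named in the question.

```sql
-- Added example. Assumptions: the XE session writes to a file target at the
-- placeholder path below and collects the sqlserver.server_principal_name action.
DECLARE @xe_path  nvarchar(260) = N'C:\XE\LoginTracking*.xel';  -- placeholder path
DECLARE @ad_group sysname       = N'Company\DBA';               -- group from the question

-- 1. Enumerate the group's members. xp_logininfo 'members' lists only the
--    next level, so a nested group comes back as a row of type 'group'.
CREATE TABLE #group_members (
    account_name      nvarchar(128) COLLATE DATABASE_DEFAULT NULL,
    type              char(8)       COLLATE DATABASE_DEFAULT NULL,
    privilege         char(9)       COLLATE DATABASE_DEFAULT NULL,
    mapped_login_name nvarchar(128) COLLATE DATABASE_DEFAULT NULL,
    permission_path   nvarchar(128) COLLATE DATABASE_DEFAULT NULL
);

INSERT INTO #group_members
EXEC master.dbo.xp_logininfo @acctname = @ad_group, @option = 'members';

-- 2. Read the captured events and keep only logins raised by a group member.
WITH events AS (
    SELECT CAST(event_data AS xml) AS x
    FROM sys.fn_xe_file_target_read_file(@xe_path, NULL, NULL, NULL)
),
logins AS (
    SELECT
        x.value('(event/@timestamp)[1]', 'datetime2') AS event_time_utc,
        x.value('(event/action[@name="server_principal_name"]/value)[1]',
                'nvarchar(128)')                       AS login_name
    FROM events
    WHERE x.value('(event/@name)[1]', 'nvarchar(128)') = N'login'
)
SELECT l.event_time_utc,
       l.login_name,
       @ad_group AS matched_group
FROM logins AS l
JOIN #group_members AS m
  ON m.account_name = l.login_name
WHERE m.type = 'user'          -- skip nested groups; expand them separately
ORDER BY l.event_time_utc;

DROP TABLE #group_members;
```

Membership is evaluated when the query runs, not when the login occurred, so users added to or removed from the group since the event was captured will be classified by their current membership.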