Auditing Successful and Failed Logins by AD group

  • Hello, 

    I am trying to implement SQL Server Audit to log the successful and failed login attempts to the server by members of an AD group. I have the AD group added to the server as a SQL login, to authenticate with Windows Authentication. All the members of the AD group can log in to the server with no problems. The AD group is not a member of any fixed server role in SQL Server; I have the group mapped to specific databases and to the db_datareader, db_datawriter and db_ddladmin roles for these databases. In no database is the group added as db_owner.

    I have the SQL Server audit created to log the logins (successful or failed) for this AD group only: ([server_principal_name]=N'AD_Group'). Nothing is logged when I test the login with one of the users of this group.

    When I add a particular user in the filter [server_principal_name]=N'AD_user' it works just fine. Can someone who has encountered a similar issue please share some experience?

    Thanks in advance

  • tttcoding - Wednesday, May 23, 2018 4:58 AM

    By default, no. You could possibly figure out some workaround, but it's likely to take too long to be acceptable for a logon trigger.
    Auditing by AD groups looks like it would introduce some issues, such as: logins may be members of more than one group, so which group would they fail? Or if you have an AD group with nested groups, which group fails?

    Sue
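An added example (not code from either post) showing why the predicate on the group name captures nothing and the kind of workaround Sue alludes to: expand the group's members with xp_logininfo and filter on those user names instead. DOMAIN\AD_Group, the audit names and the file path are placeholders; STRING_AGG assumes SQL Server 2017 or later.

```sql
-- Added example (not from the thread). Placeholders: DOMAIN\AD_Group, C:\SQLAudit\.
-- Needs SQL Server 2017+ for STRING_AGG; xp_logininfo needs a domain-joined instance.

-- 1) What the original post set up. Login audit records carry the Windows user in
--    server_principal_name, never the group that granted access, so this predicate
--    matches nothing even though every member can log in through the group.
CREATE SERVER AUDIT [Audit_AD_Group_Logins]
TO FILE (FILEPATH = N'C:\SQLAudit\')
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE)
WHERE server_principal_name = N'DOMAIN\AD_Group';   -- audits are created OFF; enabled below
GO
CREATE SERVER AUDIT SPECIFICATION [Spec_AD_Group_Logins]
FOR SERVER AUDIT [Audit_AD_Group_Logins]
ADD (SUCCESSFUL_LOGIN_GROUP), ADD (FAILED_LOGIN_GROUP)
WITH (STATE = ON);
GO

-- 2) Workaround: expand the group to its current direct members and rewrite the
--    audit predicate as an OR over their names. Nested groups come back as type
--    'group' and are not expanded here; re-run this whenever membership changes.
CREATE TABLE #members (
    account_name sysname, type char(8), privilege char(9),
    mapped_login_name sysname, permission_path sysname NULL);
INSERT INTO #members
EXEC xp_logininfo @acctname = N'DOMAIN\AD_Group', @option = 'members';

DECLARE @pred nvarchar(max) = (
    SELECT STRING_AGG(N'server_principal_name = N''' + REPLACE(account_name, N'''', N'''''') + N'''', N' OR ')
    FROM #members WHERE type = 'user');

IF @pred IS NOT NULL
BEGIN
    -- The predicate can only be changed while the audit is stopped.
    ALTER SERVER AUDIT [Audit_AD_Group_Logins] WITH (STATE = OFF);
    EXEC (N'ALTER SERVER AUDIT [Audit_AD_Group_Logins] WHERE ' + @pred + N';');
    ALTER SERVER AUDIT [Audit_AD_Group_Logins] WITH (STATE = ON);
END
GO

-- 3) Check what was captured (action_id LGIS = login succeeded, LGIF = login failed).
SELECT event_time, action_id, succeeded, server_principal_name, client_ip
FROM sys.fn_get_audit_file(N'C:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE action_id IN ('LGIS', 'LGIF')
ORDER BY event_time DESC;
```

The rebuilt predicate is a snapshot of membership at the time it ran, which is exactly the multi-group and nested-group ambiguity Sue raises; schedule step 2 to re-run so the filter does not drift from the group.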
