How to create a search for any changes related to a specific security group? (4320873)

An administrator need to create a search that return events for changes made to a specific Security (nested) group. This document will provide the steps to create the search. 

The following steps will create a search that targets a specific group:

1. Click the “New” or Plus icon (+) in the button bar menu of the Change Auditor Client search tab to create a new search.
2. Enter the desired name in the “Search Name” field of the “Info” tab in the search properties.
3. Select the “What” tab and click the “Add” or “Plus” (+) button in the button bar of the search properties.
4. Search for or enter a keyword in the Event Class filter to find “Group member-of added” and “Group member-of removed” event classes.
5. Select each and click the “Add” button to move them to the lower section. Click “Ok” when all event class are added.
6. In the “What” tab click the drop down arrow to the right of the “Add” or “Plus” (+) button in the button bar of the search properties.
7. Select “Subsystem” | “Active Directory” from the Context menu
8. Select the “This Object and all Child Objects” Radio button in the top section of the form.
9. Search for or browse to and select the target user/group in the AD object selector in the mid-section.
10. Click the “Add” button at the bottom of the window to move the selected object into the lower section.
11. Click “OK” to close the form and “Save” to save the search.