I would like to alert on all Group Policy Object and Group Policy Instance Facility events, but only related to GPO's linked to the domain root and one additional OU.
Is there a way to scope a search/alert for this?
Here's what I would do:
1) Run the built in All Group Policy Events Search
2) Right click any of the returned events and select "Search Properties"
3) Select the "What" tab
4) Click Add | Subsystem | Active Directory
5) When the "Add Active Directory Container" dialog appears, under Scope select "This Object"
NOTE: This option will only detect links to the selected object and none of its children
6) In the left browse view, click the root of your domain and click "Add" to add it to your criteria
7) Do the same for any other OU(s) you want to include.
8) Click OK and then Save your search again.