@Mark I just happened to mess with this a couple of days ago. I just need to validate visibility via osquery; however, I did validate via the /dev/auditpipe on macOS.
I added 'ad' to audit_control. I then tailed the /dev/auditpipe and validated that audit recorded when I su'd to root from my user account.
Now what I need to do is validate that osquery can see that entry. I do have events enabled, I just need to perform the check. I hope that helps.