I've got directory service groups for all privileged groups in AD, and I'm looking for a way to trigger email only if the account is in one of those groups. I have [AuditableUserEvents].DestinationAccount, but how do I check to see if it is a member of a set of directory service groups?