Setting up a server-side trace is the first thing that comes to mind. Trace will allow you to capture the activities for a specific set of logins at a very granular level including when they login to the instance and what ad hoc sql batches and stored proc executions they submit.
That said, I don't know if trace can be set to capture activity by filtering on an Active Directory (AD) group. I think the filter only applies to SQL Logins and specific AD Accounts meaning if 'SQL DBA Group' is an AD group and new AD accounts were added to that group you would need to update your trace filters.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato