1) Yes, it is defined, please find below the contents of macro.conf file
definition = eval Admin=SubjectAccountDomain."\\".SubjectAccountName
2) 4754 was triggered on group testing.
I had a few more observations:
3) For Group & Membership changes, values were empty for "Admin", "Group" & "Member Account Name" columns
4) Can you confirm, all configuration done in AD are just for the "Default Domain Controllers Policy", referring to your documentation, step 4 (configuring Event Forwarding) it refers to "Default Domain Policy", assuming it as a typo I configured the "Default Domain Controller Policy" itself. I hope this is not the issue.
5) The Managed Filter used "Builtin - Security: AD Changes", the XPATH does not monitor 4727 or 4731, I hope this is also normal. Since its a free edition I cannot modify the builtin filters.