What is a one sentence summary of your feature request?
This idea is to capture the TTL value with group membership changes when organizations are leveraging the Privileged Access Management feature in Active Directory.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Organizations that are leveraging the PAM capabilities within Active Directory are not able to see when group membership changes include a time-to-live value, which controls how long the user will be added to the group for. Adding the ability to detect this value will help organizations distinguish between permanent group membership changes and temporary group membership changes.
More can be read on the MSFT PAM features of Active Directory here: What's new in Windows Server 2016 | Microsoft Learn
How do you currently solve the challenges you have by not having this feature?
Currently you would have to look at Windows event logs to identify when the TTL value is associated with a group membership change.
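
As an added illustration (not part of the original request and not the vendor's code), the PowerShell below separates temporary from permanent members by parsing the `<TTL=seconds>,<distinguishedName>` form that `Get-ADGroup -ShowMemberTimeToLive` returns for time-bound memberships. The function name `ConvertFrom-TtlMember` and the sample users and domain are hypothetical and constructed for the example.

```powershell
# Added example: classify group members as temporary (TTL-bound) or permanent.
# Against a live domain the input would come from the ActiveDirectory module:
#   (Get-ADGroup -Identity $Group -Properties member -ShowMemberTimeToLive).member
# The values used below are constructed samples in the format that call returns.
function ConvertFrom-TtlMember {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Member,

        # Reference time used to turn the remaining TTL into an expiry timestamp
        [datetime]$Now = (Get-Date)
    )
    process {
        # Temporary links are returned as '<TTL=seconds>,<distinguishedName>'
        if ($Member -match '^<TTL=(?<ttl>\d+)>,(?<dn>.+)$') {
            $ttl = [int]$Matches['ttl']
            [pscustomobject]@{
                DistinguishedName = $Matches['dn']
                Membership        = 'Temporary'
                TtlSeconds        = $ttl
                ExpiresAt         = $Now.AddSeconds($ttl)
            }
        }
        else {
            # No TTL prefix: the membership has no expiry
            [pscustomobject]@{
                DistinguishedName = $Member
                Membership        = 'Permanent'
                TtlSeconds        = $null
                ExpiresAt         = $null
            }
        }
    }
}

# Constructed sample values (hypothetical users and domain)
$sample = @(
    '<TTL=3540>,CN=Alice Admin,OU=Staff,DC=example,DC=test'
    'CN=Bob Builder,OU=Staff,DC=example,DC=test'
)

$sample | ConvertFrom-TtlMember | Format-Table -AutoSize
```

The TTL reported this way is the time remaining when the query runs, so `ExpiresAt` is an estimate derived from the query time rather than a value stored on the membership.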