Hi Tomás,
Group membership changes in AD are recorded in the form of Audit Events with their respective ID. So you need to enable Auditing (or ensure it is enabled), so that you can get this information in your Security Events Logs. After that it is mainly about parsing Event Logs with PowerShell. I tried to select a couple of useful resources on the topic. The first thing is enabling this auditing setting:
How to Track and Audit Active Directory Group Membership Changes
https://www.lepide.com/how-to/track-and-audit-active-directory-group-membership-changes.html#:~:text=Event%20ID%204728%20indicates%20a,in%20Active%20Directory%20Group%20Memberships
And also to the second part - parsing. There are some very interesting blogs that will give you an idea on what exactly has to be done:
Use PowerShell Cmdlet to Filter Event Log for Easy Parsing
https://devblogs.microsoft.com/scripting/use-powershell-cmdlet-to-filter-event-log-for-easy-parsing/
Use PowerShell to parse event log for shutdown events
https://devblogs.microsoft.com/scripting/use-powershell-to-parse-event-log-for-shutdown-events/
PowerShell – Everything you wanted to know about Event Logs and then some
https://evotec.xyz/powershell-everything-you-wanted-to-know-about-event-logs/
I hope I was able to help you out!
(If the reply was helpful please don't forget to upvote or accept as answer, thank you)
Regards,
Stoyan
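
Added example, not part of the original reply: a PowerShell sketch of the parsing step, reading group membership change events from the Security log and flattening each one into who changed which group. The function names and the sample event are constructed for illustration; event ID 4728 appears in the link above, and the other IDs are the standard add/remove events for security-enabled global, domain local and universal groups.

```powershell
# Member added/removed on security-enabled groups:
# global 4728/4729, domain local 4732/4733, universal 4756/4757.
$GroupChangeIds = 4728, 4729, 4732, 4733, 4756, 4757
$AddedIds       = 4728, 4732, 4756

function ConvertFrom-GroupChangeEvent {
    # Hypothetical helper: turns one event's XML into a flat object.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt  = ([xml]$EventXml).Event
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $id = [int]$evt.System['EventID'].InnerText
        [pscustomobject]@{
            TimeCreated = [datetime]$evt.System.TimeCreated.SystemTime
            EventId     = $id
            Action      = if ($id -in $AddedIds) { 'Added' } else { 'Removed' }
            Group       = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
            Member      = $data.MemberName
            MemberSid   = $data.MemberSid
            ChangedBy   = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        }
    }
}

function Get-GroupMembershipChange {
    # Hypothetical wrapper: run on a domain controller with auditing enabled.
    param([datetime]$Since = (Get-Date).AddDays(-7))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $GroupChangeIds; StartTime = $Since } |
        ForEach-Object { $_.ToXml() } | ConvertFrom-GroupChangeEvent
}

# Constructed sample event (not from a real log) so the parser can be tried offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4728</EventID><TimeCreated SystemTime="2024-01-15T09:30:00.000Z"/></System>
  <EventData>
    <Data Name="MemberName">CN=Jane Doe,OU=Staff,DC=example,DC=com</Data>
    <Data Name="MemberSid">S-1-5-21-1111111111-2222222222-3333333333-1105</Data>
    <Data Name="TargetUserName">Domain Admins</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="SubjectUserName">helpdesk01</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-GroupChangeEvent
```

Reading the Security log requires an elevated session, and `Get-WinEvent` reports an error rather than an empty result when no matching events exist in the time window.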