The AD plugins recognizes groups by CN and sAMAccount. Firstly, it will try to look for the CN and later if not found by the sAMAccount. However, it always returns what was introduced as groupname, when it should be returning something like group.getCN() where group is an Attribute.

https://github.com/jenkinsci/active-directory-plugin/blob/active-directory-2.6/src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java#L524-L536

The problem is that when looking for users through loadUserByUsername, it adds as Authorities the group CN, but not the group sAMAccount.

https://github.com/jenkinsci/active-directory-plugin/blob/16bc35c9bb441fef4431ff0267506494b2647269/src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java#L602