Since updating to 10.15.3 we have been unable to sudo using an AD admin group. After the update we noticed that the admin accounts were not able to elevate. Running dsconfigad -groups "DOMAINdomain admins" has fixed the elevation issue but we are still getting "account is not in the sudoers file..." when we try to sudo.
I have followed various guides trying to fix this and basically where I have ended up is, if I put a username in the sudoers file it works but if I put an AD group in it doesn't.
I am using a command sent from Jamf to create a file in sudoers.d and then echo the group in like this: touch /etc/sudoers.d/file | echo "account ALL = (ALL) ALL" > /etc/sudoers.d/file
If I replace "account" with a domain group: touch /etc/sudoers.d/file | echo "%DOMAINADGroup ALL = (ALL) ALL" > /etc/sudoers.d/file I get the same message about it not being in the sudoers file. I have followed every guide I can find for adding a domain group to the sudoers file but none seem to work. Any suggestions are appreciated!
