sudoer: AD domain group in sudoer file won't work


My server is joined to an AD domain, and I used SSSD and realm to do so. I can log in fine to the server using SSH and my AD credentials.
I wanted to allow my user to run sudo, so I added:

%MY_AD_GROUP ALL=(ALL) ALL

to my /etc/sudoers. It won't work. I then tried to add my domain, like all of these:

%MY_DOMAIN\\MY_AD_GROUP ALL=(ALL) ALL
%MY_AD_GROUP@MY_DOMAIN ALL=(ALL) ALL
%:MY_AD_GROUP@MY_DOMAIN ALL=(ALL) ALL

and none of them worked either.
If I run id:

$ id
uid=1953620811(my_user) gid=1953600513(domain users) groups=1953600513(domain users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

it shows my user is indeed an AD user.

Something worth mentioning:
I first check a group I'm a member of in AD:

$ getent group MY_AD_GROUP
MY_AD_GROUP:*:1953654054:user1,my_user,user3,user4

so, my_user is a member of MY_AD_GROUP, then I add it to /etc/sudoers (via visudo) and try to run:

$ sudo echo a
[sudo] password for my_user:
my_user is not in the sudoers file.  This incident will be reported.

I then check MY_AD_GROUP again:

$ getent group MY_AD_GROUP
MY_AD_GROUP:*:1953654054:user1,user3,user4

and my user disappeared from the list (but I know it is still a member of the AD group). And, as soon as I run:

$ sss_cache -E

and run:

$ getent group MY_AD_GROUP
MY_AD_GROUP:*:1953654054:user1,my_user,user3,user4

the user shows up again, although sudo won't work.
So, what is going on???

Responses