I had similar problems pulling group membership after successfully authenticating using an AD user account. To resolve the issue I had to delegate the "Read group membership" permission on descendant User objects for the domain to the AD user service account I created for the 'admin_username' account specified in the local.php config file.
So for the domain account you have listed here:
$conf['plugin']['authad']['admin_username'] = '<DokuWiki Service account>';
$conf['plugin']['authad']['admin_password'] = '<supersecretpassword>';
Do the following:
1. Using AD Users and Computers right-click on your root domain and click ' Properties'
2. Go to the 'Security' tab
3. Click on the 'Advanced' button
4. Click 'Add...'
5. Select the user account that is used in the code listed above and click 'OK'
6. On the 'Permission Entry...' window that is now open click on the 'Properties' tab
7. On the 'Apply to' drop-down box select 'Descendant User objects'
8. Check the 'Allow' box for the permission 'Read group membership'
9. Hit 'OK' and/or 'Apply' on any open dialog boxes
Now after you successfully login to DokuWiki you can append "&do=check" to the url which will add some informational messages about DokuWiki and your login session. One of the messages should be what groups your user account belongs to.
Example Regular URL
http://dokuwiki/doku.php?id=start
Example Modified URL that provides extra information
http://dokuwiki/doku.php?id=start&do=check