Hello all.
Let me describe my problem.
I have joined my Rocky Linux machine to AD, then created a domain group in AD.
This domain group has domain users as members. Next I configured /etc/sssd/sssd.conf:
```
[sssd]
domains = bee.mobitel.local
config_file_version = 2
services = nss, pam
default_domain-suffix = bee.mobitel.local

[domain/bee.mobitel.local]
access_provider = simple
simple_allow_groups = SRV_ANS_Admins
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = BEE.MOBITEL.LOCAL
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = bee.mobitel.local
use_fully_qualified_names = False
ldap_id_mapping = True
```
Next I configured the sudoers config file:
```
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%SRV_ANS_Admins ALL=(ALL) NOPASSWD: ALL
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
```
But the members of this domain group still do not have root privileges.
What might be the problem?
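
When a `%group` rule in sudoers does not seem to apply, one thing worth comparing is the group name written in the rule against the group names the system actually resolves for the user (`id -Gn`). The script below is an added diagnostic example, not part of the original post; the function names are hypothetical, and it assumes group names contain no spaces and that rules are not hidden behind `#include` files.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post).

# sudoers_group_rules FILE
# Print the group name of every active "%group ..." rule, skipping comments.
sudoers_group_rules() {
    awk '/^[ \t]*%/ { sub(/^%/, "", $1); print $1 }' "$1"
}

# match_groups FILE "group1 group2 ..."
# For each %group rule, report how its name compares to the resolved groups:
#   exact      the name appears verbatim in the list
#   case-only  the name appears only when letter case is ignored
#   none       the name is not in the list at all
match_groups() {
    sudoers_group_rules "$1" | while read -r rule; do
        state=none
        lrule=$(printf '%s' "$rule" | tr '[:upper:]' '[:lower:]')
        for have in $2; do
            if [ "$have" = "$rule" ]; then
                state=exact
                break
            fi
            lhave=$(printf '%s' "$have" | tr '[:upper:]' '[:lower:]')
            if [ "$lhave" = "$lrule" ]; then
                state=case-only
            fi
        done
        echo "$state $rule"
    done
}

# Stand-alone use: pass a sudoers file and a user name, for example
#   sh check_sudo_groups.sh /etc/sudoers someuser   (script name is hypothetical)
# The group list is whatever NSS (here: SSSD) returns for that user.
if [ "$#" -eq 2 ]; then
    match_groups "$1" "$(id -Gn "$2")"
fi
```

A `none` or `case-only` result for the AD group means the name in the rule and the name returned by `id` differ, which narrows the search to name resolution rather than the sudoers rule itself; `sudo -l -U <user>` run as root then shows which rules sudo applies to that user.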