user can specify AD group as LDAP format, such as cn=ADGroupName, cn=Users, dc=mydomain,dc=local.
This sample for Delegated user requests cofiguration:
1-1. Login Enterprise Management Console as System manager.
1-2. select Users and Groups > Roles > Privileged Access Roles > Modify Roles.
1-3. select Privileged Accounts Request Role
1-4. choice Member tab
1-5. add as following on Scope Rule:
User: where ( MemberOf = cn=AD group name, cn=Users, dc=mydomain, dc=local )
Privileged Accounts: Account Name = *
1-6. ok and submit.