You can try:
    truncate --size 0 /var/log/sssd/*
    sss_debuglevel 9
    sss_cache -E
    getent group $groupname
    sss_debuglevel 0

It's already done, actually. The id_provider=ad defaults to
altorithmically mapping UIDs and GIDs from Windows SIDs (see the section
"ID MAPPING" in the sssd-ad manpage). So I think the only reason the
group could have been marked as non-POSIX (and at that point, the group
being non-POSIX is just internal SSSD lingo) could be the group type
which would only be shown with a higher debug level I think.