2 issues
1st....can a user belong to more than 1 AD security group...(for different reasons). Technically I think the answer would be yes....so I think you need to cater for looping through multiple results.
2nd....you should be looking to build an AD lookup/interface routine to execute this functionaility...I've seen others point to resources for doing such actions....search for "AD, SQL, Lookup/interface" and see if anything useful comes up. I don't think it's a native SQL "system variable".