2 issues

1st....can a user belong to more than 1 AD security group...(for different reasons).  Technically I think the answer would be yes....so I think you need to cater for looping through multiple results.

2nd....you should be looking to build an AD lookup/interface routine to execute this functionaility...I've seen others point to resources for doing such actions....search for "AD, SQL, Lookup/interface" and see if anything useful comes up.  I don't think it's a native SQL "system variable".