Sudoers file allow sudo on specific file for active directory group

Posted by tubaguy50035 on Server Fault
Published on 2012-10-08T16:23:59Z

I have Active Directory sign-in working on an Ubuntu 12.04 box. When the user signs in, I have a script that runs that needs sudo permission (since it modifies the Samba config file). How would I specify this in my sudoers file?

I've tried:

%DOMAIN\\AD+Programmers ALL=NOPASSWD: /usr/local/bin/createSambaShare.php

I've found various resources on the internet stating that this is how it would be done, but I'm not sure that I have the first part right. What are they using as the DOMAIN? The workgroup or the realm?

I use Samba + winbind for Active Directory integration. Here's my smb.conf:

[global]
    security = ads
    netbios name = hostname
    realm = COMPANYNAME.COM
    password server = passwordserver
    workgroup = COMPANYNAME
    idmap uid = 1000-10000
    idmap gid = 1000-10000
    winbind separator = +
    winbind enum users = no
    winbind enum groups = no
    winbind use default domain = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    domain master = no

EDIT: The users that should have access to run that script are all part of the Programmers group which has an Active Directory Domain Services Folder of Company.com/Staff/Security Groups (not sure if that matters or not).

© Server Fault or respective owner
