Active Directory (AD) groups can be used in the security rules, but Panorama does not have a User-ID feature. In Panorama 4.1 and later, the groups to be used in the Security Policy are pulled from the master device.
Go to the Panorama > Device Groups and select Master Device.
Click OK to commit and check in Security Policy. The following screenshot shows an example of the Active Directory groups pulled from the Master Device and available for selection in the Security Policy rule on Panorama: