Bugzilla – Bug 569
Support for host group plugin
Last modified: 2012-09-06 11:33:42 MDT
The sudoers plugin currently has support for a non-Unix user groups plugin but no way to support arbitrary external groups of hosts. A simple fix would be to replicate the non-Unix group API but for hosts, using some syntactic sugar (perhaps :hostname?).

A potentially better approach is to use a URI-based scheme that supports multiple plugins and that can handle groups of users and hosts. In this scenario, when the data plugin is initialized it would return a URI type (e.g. qas) which is used to identify groups that should be resolved using that plugin. For instance:

    qas://Administrators ALL = ALL

would match any user in the AD Administrators group. Likewise,

    qas://Administrators qas://Servers = ALL

is the same but for hosts in the AD Servers machine group.

In addition to a test for whether a user or host is in a group, the plugin may also support a function to enumerate all groups that a user or host belongs to. This may dramatically reduce the number of queries required but not all plugins may be able to support this.
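
A sketch of the dispatch described in this report, added here as an illustration and not taken from sudo or from the report's author: a `scheme://group` token is routed to the plugin that registered that URI type, using enumeration when the plugin offers it and a single membership query otherwise. The `struct data_plugin` interface, the `flat` scheme, the function names and the membership table are hypothetical and constructed for the example; a token whose scheme no plugin claims is reported as unresolvable so that it never counts as a match.

```c
#include <string.h>

/* Hypothetical interface sketched from the proposal; NOT sudo's plugin API. */
struct data_plugin {
    const char *scheme;                 /* URI type returned at init, e.g. "qas" */
    int (*query)(const char *member, const char *group);   /* 1 = is a member */
    /* Optional: list every group of member, return count; NULL if unsupported. */
    int (*enumerate)(const char *member, const char **out, int max);
};

/* Constructed sample data standing in for a directory backend. */
static const char *const memberships[][2] = {
    { "alice", "Administrators" }, { "web01", "Servers" }, { "web01", "DMZ" },
};
#define NMEMB (sizeof(memberships) / sizeof(memberships[0]))

static int qas_query(const char *m, const char *g) {
    for (size_t i = 0; i < NMEMB; i++)
        if (!strcmp(memberships[i][0], m) && !strcmp(memberships[i][1], g)) return 1;
    return 0;
}
static int qas_enumerate(const char *m, const char **out, int max) {
    int n = 0;
    for (size_t i = 0; i < NMEMB && n < max; i++)
        if (!strcmp(memberships[i][0], m)) out[n++] = memberships[i][1];
    return n;
}
static const struct data_plugin plugins[] = {
    { "qas", qas_query, qas_enumerate },
    { "flat", qas_query, NULL },        /* constructed plugin without enumeration */
};

/* Match "scheme://group" for member: 1 = match, 0 = no match, -1 = malformed
 * token or unknown scheme (callers must treat -1 as "does not match"). */
int uri_group_match(const char *token, const char *member) {
    const char *sep = strstr(token, "://"), *groups[16];
    if (sep == NULL || sep == token || sep[3] == '\0') return -1;
    size_t slen = (size_t)(sep - token);
    for (size_t i = 0; i < sizeof(plugins) / sizeof(plugins[0]); i++) {
        const struct data_plugin *p = &plugins[i];
        if (strlen(p->scheme) != slen || strncmp(p->scheme, token, slen)) continue;
        if (p->enumerate == NULL) return p->query(member, sep + 3);
        int n = p->enumerate(member, groups, 16);   /* one call covers all groups */
        for (int j = 0; j < n; j++)
            if (strcmp(groups[j], sep + 3) == 0) return 1;
        return 0;
    }
    return -1;
}
```

A rule such as `qas://Administrators qas://Servers = ALL` would apply only when the call for the user token and the call for the host token both return 1.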