So a simple request for more information would have sufficed here. Instead of being the typical IT Support person that most user insist on hating. You know the type that doesn't really want to do his/her job and avoid getting to the meat and potato's of the request being submitted.
You may be having a bad day but don't ever treat a reporter like this again as it is not becoming of any person that supports a product. You should not be responding to anyone like this as you represent the application.
Now with that said here are your answers:
What version of Jenkins were you using before? 2.401.1 to 2.62.3
Did you update any plugins? Yes
What is the current version of those plugins, what is the previous version of those plugins? 3.1.8 upgrade to 3.2.2
Are the groups listed in /whoAmI? we are also using the Active directory plugin to support the connection to Active Directory v2.30 upgrade to 2.37
Are the groups validated in the matrix auth permissions table? yes
Can these users log in if you assign permissions directly rather than via groups? yes if we chose to do so but not how we are doing it.
This is an issue tracker, not a support site.
For a bug report, there's too much information missing.
What version of Jenkins were you using before? Did you update any plugins? What is the current version of those plugins, what is the previous version of those plugins? Are the groups listed in /whoAmI? Are the groups validated in the matrix auth permissions table? Can these users log in if you assign permissions directly rather than via groups? Etc.
Per your email address, you're IT support. Try writing issue reports of the kind you'd want to receive yourself.