Can you confirm if you have tried the following steps?
Login to vSphere Web Client> Go to Administration -> Single Sign On -> Users and Groups -> select the ADMINISTRATOR group and add the AD account or group.
This should allow the user/group to gain access to all configuration components.
Yes that is what I mean with
As I workaround I was thinking of adding the AD group or AD user as member of Administrators group defined in vsphere.local, this works, but not sure if this is the best practices.
If this is the recommended way, would it mean that I don't really need to set global/object permission for AD Group on its own, since it would naturally inherit every access that the vsphere.local Administrator group has?
Yes, that is the ideal way of allowing AD users to perform administrative tasks.