There is an existing integration that allows you to map user information from Microsoft Active Directory to user fields in Zendesk. Here is a link to more information on how to set this up: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-zendesk-tutorial
Once you've synced the email address of each manager in Microsoft AD to a user field of their subordinates in Zendesk, you'll effectively be able to control who should be approving what all from within AD.
For each new approval template you create in the Approvals app, instead of selecting an individual you can then select the "Manager" option like this:
So then whenever a user submits a ticket that requires approval, the app will first check who their manager is (as listed in the user fields), and send it straight off to them.
If a user exists in Zendesk that AD has not set a manager email address for, then it will default to the backup approver as set within the template.