As a general rule with transform map imports (which is what the LDAP imports are), deleting the target records and re-running the sync will cause the records to be re-created. In other words, the steps would look like:

1. Delete all of the invalid sys_user_groups - you can do this by either the list view or, if you imported hundreds or thousands of groups by accident, in a script with deleteMultiple();
2. Re-load data from your LDAP source (System LDAP -> Data Sources -> Your Data Source -> Load All Records)
3. After you click Load All Records and it finishes loading records into your import source table, the status screen will have a "Transform" related link at the bottom, click on it.
4. On the transform map select screen, make sure that your LDAP transform map is selected (make sure that it's in the box on the right).
5. Click Transform. This will cause the imported groups to be transformed into ServiceNow groups.

In our environment, we manage group membership via LDAP. We have a scheduled load (System LDAP -> Scheduled Loads) that pulls in changes from our AD every four hours. We import both users and groups from LDAP, so we have two scheduled loads: one for users and one for groups. We have the scheduled load for user import set to run on a schedule, and the group import scheduled load is set to "After Parent Runs," with the user transform as the parent. This way, all changes to users are imported and then changes to groups and group membership are updated immediately after. Importing a group automatically imports the membership (though it won't do anything if it can't match any of the members of the LDAP group to ServiceNow user records).