Getting AD-bound accounts to sync with FileVault's pre-boot authentication has been problematic for years. There have been several third-party tools available to fix this problem. The Apple Kerberos SSO Extension is the same idea, but it does require being managed via an MDM (Mobile Device Management) server infrastructure such as JAMF or Microsoft Intune. So I would recommend the NoMAD app to fill the gap until you can implement a modern MDM infrastructure.
The new way to work with Active Directory accounts is to not bind the Mac to the domain in the first place. Create local user accounts whose usernames match the AD accounts, then use a third-party app called NoMAD to handle Kerberos authentication and password sync. Or you can use the Apple Kerberos SSO Extension instead, provided you have an MDM such as Intune or JAMF. NoMAD can be used with or without an MDM server.
NoMAD (No More Active Directory)
Latest release: https://github.com/jamf/NoMAD/releases/tag/1.3.0
NoMAD or the Apple Kerberos SSO Extension will sync your FileVault, keychain, and Mac passwords. If the AD password is changed externally, NoMAD will notify the user to sign in with the new password and will sync it on the Mac. I've been using this tool for years and it's rock solid. JAMF bought out the company, but NoMAD remains open source. It hasn't changed because it's working just fine with the last released version. JAMF Connect is a more advanced commercial solution sold alongside JAMF Pro, an MDM. JAMF does have very affordable cloud SaaS solutions for small to large companies. You can also manage iPhones and iPads with an MDM solution such as JAMF.
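To check that a given Mac actually matches the pattern described above (not bound to AD, a local account whose shortname matches the AD account, that account FileVault-enabled, and a Kerberos ticket present after NoMAD signs in), here is a small preflight script. It is an added example, not part of NoMAD, JAMF or Apple's tooling, and it assumes the usual output formats of `dsconfigad -show`, `dscl . -list /Users`, `fdesetup list` and `klist` on macOS; the sample outputs in the comments and tests are constructed.

```sh
#!/bin/sh
# Preflight check for the "unbound Mac + matching local account + Kerberos" setup.
# Added example; not NoMAD, JAMF or Apple code. Assumed output formats (verify
# against your macOS version):
#   dsconfigad -show     prints "Active Directory Domain = ..." only when bound
#   dscl . -list /Users  prints one shortname per line
#   fdesetup list        prints one "shortname,UUID" line per FileVault-enabled user
#   klist                prints a "Principal: user@REALM" header and one line per ticket
# Each check takes the command output as text so it can be exercised offline.

# Is the Mac still bound to AD? $1 = output of `dsconfigad -show`.
ad_bound() {
    printf '%s\n' "$1" | grep -q '^Active Directory Domain'
}

# Does a local account with that shortname exist? $1 = `dscl . -list /Users` output, $2 = shortname.
local_user_exists() {
    printf '%s\n' "$1" | awk -v u="$2" '$1 == u { found = 1 } END { exit (found ? 0 : 1) }'
}

# Is the shortname FileVault-enabled? $1 = `fdesetup list` output, $2 = shortname.
fv_user_enabled() {
    printf '%s\n' "$1" | awk -F, -v u="$2" '$1 == u { found = 1 } END { exit (found ? 0 : 1) }'
}

# Does the credential cache hold a TGT for user@REALM? $1 = `klist` output, $2 = shortname, $3 = realm.
# Accepts both the Heimdal header ("Principal: x@R", macOS) and the MIT one ("Default principal: x@R").
has_tgt() {
    printf '%s\n' "$1" | awk -v p="$2@$3" -v t="krbtgt/$3@$3" '
        (tolower($1) == "principal:" && $2 == p) ||
        (tolower($2) == "principal:" && $3 == p) { princ = 1 }
        index($0, t) > 0                          { tgt = 1 }
        END { exit ((princ && tgt) ? 0 : 1) }'
}

# Run every check and print a verdict per line. $1 user, $2 realm, $3..$6 the four
# command outputs in the order above. Returns 0 only when all checks pass.
preflight() {
    user=$1; realm=$2; ds=$3; users=$4; fv=$5; kl=$6; rc=0
    if ad_bound "$ds"; then echo "FAIL: Mac is still bound to AD (this approach uses unbound Macs)"; rc=1
    else echo "OK:   Mac is not bound to AD"; fi
    if local_user_exists "$users" "$user"; then echo "OK:   local account '$user' exists"
    else echo "FAIL: no local account '$user' (shortname must match the AD account)"; rc=1; fi
    if fv_user_enabled "$fv" "$user"; then echo "OK:   '$user' is FileVault-enabled"
    else echo "FAIL: '$user' missing from 'fdesetup list'; pre-boot login cannot use the synced password"; rc=1; fi
    if has_tgt "$kl" "$user" "$realm"; then echo "OK:   TGT present for $user@$realm"
    else echo "FAIL: no TGT for $user@$realm; NoMAD has not signed in or the password is out of sync"; rc=1; fi
    return $rc
}

# Live run (macOS only; fdesetup list needs sudo): sudo sh preflight.sh <shortname> <KERBEROS.REALM>
# The realm default below is a placeholder; pass your own.
if [ "$(uname 2>/dev/null)" = "Darwin" ] && [ -n "${1:-}" ]; then
    preflight "$1" "${2:-EXAMPLE.COM}" \
        "$(dsconfigad -show 2>/dev/null)" "$(dscl . -list /Users 2>/dev/null)" \
        "$(fdesetup list 2>/dev/null)" "$(klist 2>/dev/null)"
fi
```

The checks take text rather than running the commands themselves, so the same functions can be fed captured output from a fleet inventory or an MDM script result; the Kerberos check is the one that tells you whether the password sync is actually working, since a missing TGT after the user has signed in to NoMAD usually means the local and AD passwords have drifted.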
There are a variety of additional cloud options when using an MDM (Mobile Device Management) server, as well as Identity Providers such as Okta, Ping, Azure AD, etc. These require Configuration Profiles configured for your specific needs and pushed to the Macs via an MDM server.
Apple Extensible Enterprise SSO <-- search for Apple presentations on this topic
Apple Kerberos SSO Extension <-- NoMAD-equivalent tool from Apple
Microsoft Enterprise SSO
Microsoft Intune
JAMF Connect <-- identity providers, SAML, Azure AD, SSO
There are several additional MDM server solutions beyond Microsoft Intune & JAMF.
I would seek out the nearest Apple Store and ask for business contacts and Apple Certified Consultants to help you navigate the complexities. There are many options and choices to make.
But for now, NoMAD should fix this issue.
But you'll want to take a look at the future, because things are changing rapidly with cloud technology. Modern setups have an always-on encrypted tunnel connection and authenticate with SAML or Azure AD. Using MDM you can implement Zero Touch Deployment. Once you have Apple Business Manager and an MDM set up, you can work on getting your company registered with Apple; then, when you place orders for Apple devices from Apple or a third-party reseller, you provide a company code. That code means the device belongs to your company. Then you can ship the device straight to the user, still in the shrink wrap. When the user connects the Mac / iPad / iPhone to the Internet, it phones home to Apple, who then forwards the device to the company MDM server, where it automatically enrolls. Then all the configurations download to the device. There is no need for any admin to set up the Mac; it's fully automated. Likewise, if a user had a MacBook stolen, lost or destroyed, they could call your company and the procurement department could place an order for a new MacBook and have it ready for pickup at an Apple Store. The employee would validate their identity and retrieve the laptop. They can go home or to a hotel, unbox it, and it will automatically set itself up. If you use cloud storage, all their data will be available. Granted, this takes a lot of setup by engineers to get the end-user experience smooth and seamless, but once you do, it's a beautiful thing to behold.