I understand that different organizations have unique needs but why are you joining Macs to AD? It is not considered to be good practice anymore, and I never thought it was good practice when it was considered a good thing. There are better ways to do things like have a password policy, password reset enforcement, and keep Macs authenticated with company resources. There's Jamf Connect and Single Sign-on extensions, which is what we use at my company.

Well they need access for

Printing

Network share access

Wireless access

if your not on the corp network you get a 192 IP and that is blocked from accessing any network app due to the Cybersecurity and PCI,  then all the use would have to use VPN in the office to Print ,access the customer database, and network shared folders. If there is a better way to give Mac user access to a Windows AD contorted environment i am all ears

+1 for Jamf connect; it would solve most of the problems described here,. after configured. contact your jamf rep for pricing; and even a free demo.

Friends dont let friends AD join Macks or macs.

Jamfs Policy for AD joining just uses a script, it should still work fine but granted we have not AD bound in 4 years.

As far as your reasons for still AD binding, printing and network shares should be pretty easy to rework. 802.1x networks should also not be that hard but you will need radius policies updated.

requested a Jamf connect demo, to try and convince the powers to be at my work we need it.

We hade Nomad before i stared hear don't know why they get ride of it