@msdoni What you're wanting to do basically isn't possible with FileVault as it exists through macOS Catalina (in short, a Mac at the FileVault login screen doesn't have network connectivity, as it's a pre-boot system waiting for you to unlock the OS volume to boot). There are some changes coming in macOS Big Sur, but I don't think they'll get you there for AD logins.
I use AD accounts with my test Macs, and trying to get FileVault working for them is a pain in the lower back. I assume the extra complication I have is that I define access via netgroups, and when I try to give a secure token to any of the users in the netgroup I get a 'user unknown' message - even when the user in question is currently logged in 😉
Seems to me the best practice concerning FileVault for AD accounts is: avoid if you can.
We AD bind our Macs and use mobile AD accounts as well. There has not been a way that I have found so far to streamline the FV provisioning process; FV lacks a lot of the features of BitLocker, like network unlock using network detection. Accounts present on the Mac before FileVault is enabled can be given a FV token as things encrypt, but to later add a FV token to an account post-encryption requires some work. It can be scripted, but you have to pass the username and password of a FV-enabled account in the bash script to give a token, then prompt the user to enter their username and password.
How we handle FV: we have a local admin account as per usual that users do not get access to, and a local account called setup with no admin access but that does have a FV token due to being created before we encrypt. We have to encrypt pre-deployment due to security policy. The user gets the computer and logs in to FileVault with the "setup" account, then just logs out if they get logged in to macOS and logs in with their account if they are on the corporate network (with other workarounds if remote). Once the user is logged in they run a policy that sets things up for them like Office, provisioning admin access and granting a FileVault token using the setup account to pass the token; this policy also deletes the setup account so it does not linger around for security concerns.
@msdoni I have many problems at my employer as well; I have conversations way too frequently on why things with macOS cannot be set up to function like they do on Windows. We are a Windows shop with some 50k Windows devices and fewer than 1000 Macs; to make it better, we are a financial institution with all those regulations. Our folks in IS have a hard time understanding the differences between macOS and Windows; thankfully I was a Windows admin for some 15 years so I can usually bridge the gap, though I do get tired of explaining why we cannot report on macOS updates the same way we do with Windows lol.
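The scripted token grant described in the post above (an already FV-enabled "setup" account passing a FileVault token to the user's account after encryption) can be done without putting either password on the fdesetup command line, where it would be visible to other processes. This is an added example, not code from the thread; it assumes the account names `setup` and `jdoe` as placeholders, runs as root (as a Jamf policy does), and relies on `fdesetup add -inputplist` reading its credentials from a plist on stdin.

```shell
#!/bin/bash
# Added example (not from the thread): grant a FileVault token to an existing
# account post-encryption using an already-enabled "setup" account. Credentials
# are fed to fdesetup as a plist on stdin (never as argv, which `ps` can read)
# and the plist is built in memory rather than written to disk.

# Build the plist fdesetup expects with -inputplist. Arguments:
#   $1 = existing FV-enabled account, $2 = its password,
#   $3 = account to add,              $4 = that account's password
build_fdesetup_plist() {
    # Minimal XML escaping so passwords containing & < > survive intact
    esc() { printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'; }
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key>
    <string>$(esc "$1")</string>
    <key>Password</key>
    <string>$(esc "$2")</string>
    <key>AdditionalUsers</key>
    <array>
        <dict>
            <key>Username</key>
            <string>$(esc "$3")</string>
            <key>Password</key>
            <string>$(esc "$4")</string>
        </dict>
    </array>
</dict>
</plist>
EOF
}

# Returns 0 if the user already appears in `fdesetup list` ("user,UUID" lines),
# 1 otherwise; only meaningful on macOS, used to make the grant idempotent.
fv_user_enabled() {
    fdesetup list 2>/dev/null | cut -d, -f1 | grep -qx "$1"
}

# Grant the token (must run as root). Same arguments as build_fdesetup_plist.
grant_fv_token() {
    if fv_user_enabled "$3"; then
        echo "$3 already has a FileVault token"; return 0
    fi
    build_fdesetup_plist "$1" "$2" "$3" "$4" | fdesetup add -inputplist
}
```

At run time, collect the user's own password with `read -s` or a dialog rather than embedding it; only the setup account's credentials need to live in the policy, and that account is deleted afterwards as the post describes.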