Sometimes it’s painful to do something that should be so simple. Once you’ve gotten through the pain of doing SSSD/AD joining, you’ll want domain groups to be able to do “stuff” without hindrance, maybe. Try this line in the file in /etc/sudoers.d/sudoers (you’ll have to create it):
%domain\ users ALL=(ALL) NOPASSWD: /bin/mount, /bin/umount
Okay, that’s quite unsafe but it gives you a clue.