One possible way to achieve this would be to update the endpoint in the endpoint database with an attribute that indicates AD membership. You could do that on a computer authentication or, if you control the TLS well enough, on the TLS user authentication as well. When a MAC auth request comes in, you can return the service VLAN for those machines that have the attribute set, so they can sync from there to the AD/PKI, or even do a PXE boot to reimage the client.