It is just the way AD stores the user passwords . Because of this, joining the domain is necessary in order to interpret/read it.
If you're having "political" issues joining the domain, tell your administrators that they can join it to the domain for you. The account and credentials used to join it to the domain are only used during the join. Subsequent logon authentications are done with the bind account. This account can have minimal rights in AD; typicaly configured as a "normal user".