ClearPass will check the authentication sources in order of listing (Guest, AD in your case).
For each source ClearPass will check if the user account exists in that one, and if it exists use (only) that source for authentication.
That means that if you have the same username in both authentication sources, an authentication against the guest database will happen en AD will not be tried.
Do you need the Guest DB in there? If not remove.
Do you want the AD to be checked first, and fallback to guest? Change the order to first list AD.
From your explanation is it not possible to find the intended/designed way of working. If you are not fully confident in what you are doing, I'd recommend to involve a professional to do the design and make the needed changed. For an authentication solution it is important that you understand and correctly design and implement the policy.