Soham,
It might be that they're worried that if sssd (or AD connection) misbehaves, they're dead in the water. That is, they cannot log in with their ADM account and 'sudo su -' to become root. To fix the problem.
We have a similar situation at work. Cybersecurity dictates no remote root logins. So if a Linux server's AD connection is hosed, we have to pop onto the server's console, log in as root and look up root's current password in the enterprise password vault. Both of these steps are a pain, but can be accomplished.
It turns out one of our particular configuration management tools gives us another (secure) mechanism for Linux system engineers to become root. (But that tool is going away.)
It's rare that our AD integration tools (sssd et al) misbehave, or AD connection misbehaves. But it happens.
It's likely that they're looking ahead and want some alternative pathway to become root that's not dependent on AD + sssd. Or to have their main pathway not dependent on AD + sssd.
Spike
Spike