Can you please clarify what changes need to be made in CustomizeClonedMachine.sh and ngvc-agent.sh?  I'm in the same situation.  Our AD environment already has the UID/GID of the users and we really need to utilize that for identification. 

I tried desperately to use our existing SSSD configuration, using the RunOnceScript setting in viewagent-custom.conf and setting it to not use PBISO.  If there are any recommendations on integration with active directory (and use UID/GID from AD) I will appreciate a lot.  I've been trying to get this to work now for a few days.

What I do is to join the base machine to the domain and configure everything.  Then in /usr/lib/vmware/viewagent/bin/ngvc-agent.sh on line 340 I comment out "changeHostName" and I change line 345 to offlineJoinDomain="none". Then I edit /usr/lib/vmware/viewagent/bin/CustomizeClonedMachine.sh this way.

#!/bin/bash

###################################################

# Copyright 2017 - 2018 VMware, Inc.  All rights reserved.

###################################################

ngaFork=`vmware-rpctool "info-get guestinfo.ngaFork"`

if [ "$?" != "0" ]; then

      echo "Command get guestinfo.ngaFork failed or guestinfo.ngaFork do not exist..."

      return 0

fi

forked=`vmware-rpctool "info-get guestinfo.forked"`

if [ "$?" != "0" ]; then

   echo "Command get guestinfo.forked failed or guestinfo.forked do not exist..."

   return 0

fi

The drawback is that all VMs have the same hostname and kerberos keytabs but it woks. Alternatively, if you need the real hostname and distinct keytabs entires you could use adcli called form the ngvc-agent.sh script. Look for the offlineDomainJoin funtion and change it to use adcli to perfom the join. Use the adcli option --one-time-password.