When you have connected your vCenter to AD, you should be able to use AD for setting up the permissions. You state that users sign in through AD, so that should be possible. I'm just curious about your remark "I understand why this happens". Why is this happening? vCenter centralizes management of your hosts, so you should not configure this locally on a host.
I figured it out: you have to add the vCenter server to the domain by going through the web client and adding the domain as an identity source. After that, you'll be able to see your domain in the dropdown when adding permissions.