...
After the AD bind process is successful, end users can log in as the "User" account to connect to the corporate network, and then switch users to their domain account after the network connection is established. This will cache their credentials in the VM, so that future logins can be done offline if desired. An additional reboot may be required in order to repopulate the VPN configuration information from the encrypted store.