I think David mentioned in his Ten Talk that we’re running NoMAD on both domain-joined and non-domain-joined Macs. Our experience shows that the non-domain-joined systems just seem to work more reliably overall and have noticeably faster login times and just less ‘weird stuff.’ Plus we don’t fight with the constant issues Apple seems to create with every new release of macOS (I’m half-convinced they don’t do QA testing against AD-joined systems…)
NoMAD solves the SMB access without retyping passwords problem.
With all that said, you DO lose the admin group for logins. We solve that by creating a unique local admin account on each system we manage. Only our team has the password for that account and it’s never given to end users.
I hope that info helps. If you have any more questions, feel free to reply. I’m sure others are wondering the same thing and we’re happy to share our experiences if it helps others.