Is it possible to authenticate some internal users against AD and some external users against SQL DB?

Is it possible to allow external users to authenticate against users in the SQL DB of NextCloud, and some users to authenticate against Active Directory?

Eventual problems:

  1. This is needed to prevent external users from authenticating using AD and gaining access to our internal applications.
  2. Should point 1) not be possible, and all external users be able to use NextCloud only after their user account in AD has been created, how would it be possible to inform them that our GPO considers their password old and that it is necessary to change it?
  3. If this is possible to apply (Fail2Ban will be installed), how will the user get notified that it is now necessary to change their password, in a way that will not block connectivity to the NextCloud server?
  4. If only one option is available (either SQL DB or AD), is there anyone who has similar experience and would be able to advise what needs to be done so as not to block domain users' access to other services in the domain, and how to allow external users access only to NextCloud (perhaps a new OU, of which only external people would be members)?

Note: Currently we use Owncloud running on Ubuntu, and we plan to migrate to NextCloud, also running on Ubuntu, during June 2018. Are there any other requirements that are necessary to keep in mind before we start the migration?

Thanks for your advice,
Michal