Anytime a new user is signing in with his/her AD credentials they were being prompted for an administrator username/password to bypass secure token. Here in an excerpt from the attached article explaining what causes the problem:
"AhhSecureToken; the gift that keeps on giving! macOS 10.13.4 introduced this new, undocumented dialog that would appear on first login under the following conditions:
If the filesystem is APFS
Whether or notFileVault is enabled
If the Mac is bound to a directory service (e.g. Active Directory or LDAP)
If there is a local administrator account present that has logged in at least once (e.g. the one created during the Setup Assistant).
If the account currently logging in will be a directory based mobile account (i.e. it hasn’t been created yet and is logging in for the first time)"
Luckily the author of this article has us covered with a custom profile that you can install on the computer level with Meraki to fix this.