The scenario you describe is surely possible, assuming you are ready to implement step 3) yourself. There is a caveat, though: Gluu Server expects that for each user who tries to log in to it there is a locally stored user entry in LDAP. In the scenario with Cache Refresh it will create those for you. If you can't pull users from AD into Gluu via LDAP, then you'll have to implement user auto-enrolment in your custom script.
The easiest way to achieve what you need would be by taking a Jython script called "Basic" (it's a script which effectively duplicates the LDAP bind authentication flow) and rewriting the part of it which deals with credential verification by adding code which calls the required APIs.
Then, you would also need to add code which deals with auto-enrolment. We actually have a few scripts which do auto-enrolment, so you could research them and borrow the code you need.
In other words, it's quite possible, assuming you are ready to invest some time into coding your solution, and you have somebody on your team with the required coding skills. Please also note that we usually don't assist with complex tasks like this within the scope of Community Support, so you'll be mostly on your own, unless you plan to purchase a support contract from Gluu any time soon.
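
The flow outlined in this answer, as an added sketch that is neither Gluu's "Basic" script nor any Gluu API: credentials are checked through an external call first, and a local entry is auto-enrolled only after that check succeeds. `LocalDirectory`, `authenticate`, `ENROL_ATTRS` and `sample_verify` are hypothetical names, and the in-memory dictionary stands in for the LDAP entries Gluu expects.

```python
# Added illustration: a plain-Python model of the flow, not Gluu's script API.
# LocalDirectory stands in for Gluu's LDAP; verify_remote for the external API.

class LocalDirectory(object):
    """Constructed in-memory stand-in for locally stored user entries."""
    def __init__(self):
        self.entries = {}

    def find(self, uid):
        return self.entries.get(uid)

    def add(self, uid, attrs):
        self.entries[uid] = dict(attrs, uid=uid)
        return self.entries[uid]


# Only these profile attributes are copied into a new local entry (assumption).
ENROL_ATTRS = ("mail", "displayName")


def authenticate(uid, password, verify_remote, directory):
    """Verify against the external API, then auto-enrol if no local entry exists.

    verify_remote(uid, password) is hypothetical: it returns a dict of profile
    attributes on success, None on bad credentials, and may raise on an outage.
    Returns the local entry on success and None on any failure (fail closed).
    """
    if not uid or not password:
        return None
    try:
        profile = verify_remote(uid, password)
    except Exception:
        return None  # API unreachable: deny instead of falling back
    if profile is None:
        return None  # bad credentials: no local entry is created
    entry = directory.find(uid)
    if entry is None:
        # Auto-enrolment: copy allow-listed attributes only, never the password.
        allowed = dict((k, profile[k]) for k in ENROL_ATTRS if k in profile)
        entry = directory.add(uid, allowed)
    return entry


def sample_verify(uid, password):
    """Constructed sample backend standing in for the API in front of AD."""
    accounts = {"alice": ("s3cret", {"mail": "alice@example.org",
                                     "displayName": "Alice", "memberOf": "admins"})}
    if uid == "outage":
        raise IOError("backend down")
    rec = accounts.get(uid)
    return dict(rec[1]) if rec and rec[0] == password else None
```

In a real custom script the same ordering applies: the enrolment code runs only on the success path of the credential check, so a failed or errored API call never leaves a user entry behind.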