Re: Get AD username after switching to a generic user

That's what our Enterprise Edition does, it works with our server suite or our privilege service (password/session vault/broker).  In addition, our Standard Edition allows you to add your AD users to a role that contains the privileges granted to the local shared account; this way users log in as themselves and can only perform the actions that you define based on roles.  This eliminates the challenge you're having altogether.


What you are describing is also a challenge with most "Password-based PIM solutions" when you allow shared use of a generic account.


If your goal is traceability, e.g. "Which AD account switched to the generic account at any point", you can simply look at the syslog of the system.  By default an "audit trail" will be generated when the user switches (e.g. if you're using sudo to switch to the generic account).


Aug  1 09:27:26 engcen6 dzdo:   dwirth : TTY=pts/3 ; PWD=/home/dwirth ; USER=root ; COMMAND=/bin/su - managed-acct
Aug  1 09:27:26 engcen6 su: pam_unix(su-l:session): session opened for user managed-acct by (uid=0)

In the log sequence above, it was my AD user (dwirth) that switched to the generic account.


This may be the beginning of more complex requirements like session transcription (how can you trace what each AD user did after switching to the generic account) or whether you can replay the session, and that's what our Enterprise Edition and Privilege Service products are all about.  https://www.centrify.com/express/linux-unix/reasons-to-upgrade/


I hate to sound like a commercial for our for-pay entries (we are here to educate and help), but what you want goes beyond what Express provides.  You can do your correlation with logs like I outlined.
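The log correlation the reply above describes, as an added example that is not part of the original post or of any Centrify product: it parses the dzdo/sudo audit line and the pam_unix "session opened" line, flags every record that hands control to the shared account, and attributes each one to the AD user who invoked it. The sample log is constructed (the first two lines copy the formats quoted above; the jdoe/asmith lines and the five-second confirmation window are assumptions).

```python
import re
from datetime import datetime

# Constructed sample in the dzdo/sudo and pam_unix syslog formats quoted above.
SAMPLE_LOG = """\
Aug  1 09:27:26 engcen6 dzdo:   dwirth : TTY=pts/3 ; PWD=/home/dwirth ; USER=root ; COMMAND=/bin/su - managed-acct
Aug  1 09:27:26 engcen6 su: pam_unix(su-l:session): session opened for user managed-acct by (uid=0)
Aug  1 09:31:02 engcen6 sudo:    jdoe : TTY=pts/5 ; PWD=/home/jdoe ; USER=root ; COMMAND=/bin/ls /root
Aug  1 09:40:11 engcen6 dzdo:   asmith : TTY=pts/2 ; PWD=/tmp ; USER=managed-acct ; COMMAND=/bin/bash
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
SUDO_RE = re.compile(TS + r"(?:dzdo|sudo):\s+(?P<invoker>\S+) : TTY=(?P<tty>\S+) ; "
                     r"PWD=\S+ ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$")
PAM_RE = re.compile(TS + r"\S+: pam_unix\(\S+:session\): session opened for user "
                    r"(?P<user>\S+) by \S*\(uid=\d+\)$")

def _when(ts):
    # Syslog timestamps carry no year; strptime defaults to 1900, fine for deltas.
    return datetime.strptime(" ".join(ts.split()), "%b %d %H:%M:%S")

def _targets(m, shared):
    """True if the dzdo/sudo record hands control to the shared account, either
    directly (USER=<shared>) or by running su / su - <shared>."""
    argv = m["cmd"].split()
    return m["runas"] == shared or bool(
        argv and argv[0].rsplit("/", 1)[-1] == "su" and argv[-1] == shared)

def attribute_switches(log_text, shared, window_s=5):
    """Return one record per switch to `shared`: the AD user named in the dzdo/sudo
    line, the time, TTY and command, plus whether a pam_unix 'session opened' line
    for the shared account followed on the same host within window_s seconds."""
    lines = log_text.splitlines()
    sessions = [(m["host"], _when(m["ts"])) for m in map(PAM_RE.match, lines)
                if m and m["user"] == shared]
    switches = []
    for m in map(SUDO_RE.match, lines):
        if not (m and _targets(m, shared)):
            continue
        t = _when(m["ts"])
        confirmed = any(h == m["host"] and 0 <= (st - t).total_seconds() <= window_s
                        for h, st in sessions)
        switches.append({"when": m["ts"], "host": m["host"], "ad_user": m["invoker"],
                         "tty": m["tty"], "via": m["cmd"], "pam_confirmed": confirmed})
    return switches

if __name__ == "__main__":
    for s in attribute_switches(SAMPLE_LOG, "managed-acct"):
        print(s)
```

A switch without a matching pam_unix session line (asmith above, who ran a shell as the shared account directly through dzdo rather than via su) is still attributed, since the dzdo/sudo line alone names the AD user.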
