Hello,
When using the Admin Portal, the AD Users you can see are in fact dynamically read from AD by the Centrify Connector. The query is made by the Connector using is own machine credentials (Windows Computer account). If there are AD Users that do not appear, it could be they are located into OU that are not readable by default by any Users? Or maybe that they are located into a foreign Domain/Forest for which the Connector have no sufficent read Access?
Anyway, adding Users straight from the Admin Portal is of course serving it's purpose but... Why not simply assign an AD Group (maybe named "O365-Users") to the Role and then manage membership directly from AD rather than adding AD Users? IMO, using an AD Group will greatly simplify your management here.
Hope that helps,
Fab