If all of the users are in an AD group, you can create a mail policy to handle these users. This has the added advantage of splintering any mail that is sent to members and non-members. Use a content filter to send a reply saying "use a different email address..." and then send the mail to an alternate destination host, both actions you can apply to all mail that hits this content policy.
That sounded pretty easy and straightforward; I thought it would take more. (I have limited knowledge but am learning.) I have forwarded the need to let the CES access the inside of the network to query the AD. I think we can do it either with LDAP or SAML to achieve the same goal, correct?
Not with SAML. SAML is only for authentication; it's not really "query-able" in the way you need. If you can't get LDAP done, a policy is still the right way to go so you get splintering. Just add the list of addresses to the Recipient side of the policy definition.
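The splintering behaviour described in the first and last replies, sketched as an added Python illustration that is not part of this thread or of any Cisco product code. It assumes a made-up group DN, domain, addresses and alternate destination host, and replaces the real LDAP query with an in-memory stand-in; the one security point it adds is that a recipient address taken from the SMTP envelope has to be escaped (RFC 4515) before it is spliced into an LDAP filter, so that a crafted address cannot change what the group query matches.

```python
"""Recipient splintering keyed on AD group membership (added illustration).

Not Cisco ESA/CES code. GROUP_DN, ALT_DESTINATION_HOST and the addresses
are constructed values; SAMPLE_DIRECTORY stands in for the LDAP query.
"""

# Hypothetical group that the mail policy is keyed on, and the assumed
# alternate delivery host used by the content filter action.
GROUP_DN = "CN=LegacyMailUsers,OU=Groups,DC=example,DC=com"
ALT_DESTINATION_HOST = "legacy-mail.example.com"

# RFC 4515 escapes for values interpolated into an LDAP search filter.
# The backslash entry must be applied to the raw input, which the
# per-character walk below guarantees (each character is escaped once).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an attribute value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def membership_filter(address: str, group_dn: str = GROUP_DN) -> str:
    """Filter matching a user object whose mail attribute is in the group."""
    return "(&(objectClass=user)(mail=%s)(memberOf=%s))" % (
        escape_filter_value(address),
        escape_filter_value(group_dn),
    )


# Constructed stand-in for the directory: mail attribute -> memberOf values.
SAMPLE_DIRECTORY = {
    "alice@example.com": {GROUP_DN},
    "bob@example.com": set(),
    "carol@example.com": {GROUP_DN, "CN=Staff,OU=Groups,DC=example,DC=com"},
}


def is_group_member(address: str, directory=SAMPLE_DIRECTORY) -> bool:
    """Stand-in for the LDAP group query the appliance would run."""
    return GROUP_DN in directory.get(address.lower(), set())


def splinter(recipients, directory=SAMPLE_DIRECTORY):
    """Split one message's recipient list into the member and non-member copies.

    Each copy is then evaluated against its own mail policy, which is the
    splintering the thread refers to. Order of recipients is preserved.
    """
    members = [r for r in recipients if is_group_member(r, directory)]
    others = [r for r in recipients if not is_group_member(r, directory)]
    return members, others


def policy_actions(members):
    """Content-filter actions applied to the member copy only.

    Mirrors the two actions named in the thread: notify the sender and
    hand the copy to an alternate destination host. No members, no actions.
    """
    if not members:
        return []
    return [
        ("notify-sender", "use a different email address ..."),
        ("alt-dest-host", ALT_DESTINATION_HOST),
    ]


if __name__ == "__main__":
    rcpts = ["alice@example.com", "bob@example.com", "dave@example.com"]
    for r in rcpts:
        print(membership_filter(r))
    member_copy, other_copy = splinter(rcpts)
    print("member copy:", member_copy, policy_actions(member_copy))
    print("other copy :", other_copy, policy_actions([]))
```

The escaping step is the part worth keeping even if the rest is replaced by the appliance's own LDAP group query: an address such as `x*@example.com` becomes `x\2a@example.com` in the filter, so the wildcard is matched literally rather than broadening the query.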