add the user to a group in AD that has full rights to the CIFS shares.
Have you considered changing this process? I would advise:
create a new user in AD.
add user to a group in AD that has full rights to the CIFS shares.
login into domain using AD account.
The reason why i suggest adding the AD user to the AD group BEFORE the user logs on to the domain is to ensure the SID of AD group that is used to control access to the CIFS share is included in the users kerberos ticket which is granted to user at logon by a domain controller. If the user logs on and they are NOT a member of the AD group that controlls access to the CIFS share then the group SID will not be in the users kerberos ticket... hence when the user requests to access the resource they will recieve "access denied" but when they log off\logon (and recieve a new kerberos ticket containing the SID of the AD groups that controlls access to the share) they can access the share.
Hope that helps
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.