Hi Rahul, if I understand your requirement correctly there is no AD user required at all. Only for Kerberos based SNC an AD account is needed that represents the SAP system in the Kerberos world. When using X.509 client certificate based SNC the SAP system is solely represented by it's own SNC keypair (in the SNC SAPCryptolib PSE in STRUST).
Regards,
Lutz