So you want to have multpile supported authentication backends in parallel and LDAP should be enforced only for a list of specific email domains, all others should still use email/password authentication? I don‘t think that this is possible, but as you already found out, you can migrate authentication for specific accounts using the mmctl user migrate_auth command afterwards and you could also script that so it runs permanently in the background and automatically migrates new user accounts to avoid the manual work per account.
Just as a sidenote:
LDAP accounts do not need to be precreated or invited, you can configure it so a specific ldap group is allowed to login to Mattermost only and upon the first successful login of a user in the group, the account will be created and configured correctly.