AD has nothing to do with internet restrictions, as far as IP routing and DNS resolution are concerned. You should put these restrictions at the firewall level.
If you are also using AD for DNS, you can create fake records. You can also use Group Policy to push a hosts file with fake entries for those sites. Neither is perfect, but both are free.
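
The fake-record approach mentioned above, as an added example that is not part of the original answer: it creates an AD-integrated zone for each blocked site on the DNS server and answers every name in it with a sinkhole address. The domain names and the `0.0.0.0` answer are constructed placeholders, and the script assumes the `DnsServer` module (DNS Server role or RSAT) is available.

```powershell
#Requires -Modules DnsServer
# Added example: sinkhole zones on an AD-integrated DNS server.

# Constructed sample list; replace with the sites you need to block.
$BlockedDomains = @('blocked-example.test', 'another-blocked.test')

# Assumption: answer with a non-routable address. An internal
# "blocked" page server address would work the same way.
$SinkholeIp = '0.0.0.0'

foreach ($domain in $BlockedDomains) {
    $zone = Get-DnsServerZone -Name $domain -ErrorAction SilentlyContinue

    if ($zone) {
        # Never overwrite a zone that already exists: it may be a real
        # internal zone that happens to share the name.
        Write-Warning "Zone '$domain' already exists; left unchanged."
        continue
    }

    # AD-integrated primary zone, replicated to every DNS server in the
    # domain, with dynamic updates disabled so clients cannot register
    # records in it.
    Add-DnsServerPrimaryZone -Name $domain `
                             -ReplicationScope 'Domain' `
                             -DynamicUpdate 'None'

    # '@' covers the bare domain, '*' covers www and every other host name.
    foreach ($name in '@', '*') {
        Add-DnsServerResourceRecordA -ZoneName $domain `
                                     -Name $name `
                                     -IPv4Address $SinkholeIp
    }

    # Confirm what clients of this server will now receive.
    Resolve-DnsName -Name "www.$domain" -Server 'localhost' -Type A |
        Select-Object Name, IPAddress
}
```

This only affects clients that resolve names through the AD DNS servers, which is why the firewall remains the place to enforce the restriction.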