I wanted to ask if there is any way to exclude only one sudo commands
and allow all the others.

For example, I want to exclude "passwd" command but allow all the others
without need to write each of the one by one.

This is more a sudo question than an IPA question but it is not
recommended to even try this.

For example, there would be nothing to stop them doing:

    sudo sh -c passwd

or:

    echo passwd | sudo sh

And there are many commands which will let you get out to a shell, directly or indirectly.