This is the output from both IPA server and client:

 

 

 

From IPA Server:

 

# id mspezie@example.org

uid=1070607073(mspezie@example.org) gid=1070607073(mspezie@example.org) groups=1070607073(mspezie@example.org)

1070603934(linux power users@example.org)

1070600512(domain admins@example.org)

1535800006(ad_admins)

1535800000(admins)

....

1070600513(domain users@example.org)

 

# id freeipa@example.org

uid=1070607388(freeipa@example.org) gid=1070607388(freeipa@example.org) groups=1070607388(freeipa@example.org)

1070600513(domain users@example.org)

1535800006(ad_admins)

1535800000(admins)

 

 

From IPA Client:

 

# id mspezie@example.org

id: mspezie@example.org: no such user

 

# id freeipa@example.org

uid=1070607388(freeipa@example.org) gid=1070607388(freeipa@example.org) groups=1070607388(freeipa@example.org)

1070600513(domain users@example.org)

1535800006(ad_admins)

1535800000(admins)

 

 

The only difference from these two accounts is that freeipa(a)example.org is present in cn=Users and mspezie(a)example.org not.

All the AD groups associated to mspezie have a name