Hi folks,
I've got a simple FreeIPA topology with a 1-way trust to a nice
uncomplicated Active Directory environment. Unlike my other projects
there is no complex AD forest or topology to navigate; just a single
integrated domain.
Because of this we have short usernames working for login just fine;
works great. Instead of "chris@domain.com" I can log in as "chris".
However I was asked if it was possible to also use short aka "not fully
qualified" names when looking at local 'id', user and group info.
Basically the question was if it was possible to use short names for
everything including id views, getent output and group output.
This is where my knowledge hits a wall -- I think this level of username
and group handling is fed into NSS via IPA? If so is there a way to
alter FreeIPA to use unqualified names -- presumably via altering or
creating a new Trust View and applying it to the hosts? Not really sure
if this is sensible or even advisable but I've been asked to research
Here is an example:
## Short login works fine! my AD username is "dagdigian@example.com" ...
$ ssh dagdigian@172.17.0.57
Last login: Thu Oct 22 22:37:32 2020 from 10.10.210.63
## But users are asking about the OS view of usernames and groups:
## Is there a way to use non fully qualified names in these sorts of
views, possibly via new Trust Views on the IPA server side?
## Is this even reasonable to consider doing?
[dagdigian@example.com@ansible-testhost-01 ~]$ id
uid=1087803012(dagdigian@example.com) gid=1087803012(dagdigian@example.com) groups=1087803012(dagdigian@example.com),692600000(admins@ipa.example.com),692600010(example_admins_posix@exaple.com),1087800513(domain users@example.com),1087803220(consultants@example.com)
[dagdigian@example.com@ansible-testhost-01 ~]$
Thanks!
Regards
Chris