The workarounds worked but as you suggested the uids changed when bound to slice0, which
will cause all sorts of permissions issues.
These are ephemeral VMs in Azure that spin up to process a job and then spin down. As
such, I copied a known good sssd cache file (cache_jmorey.net.ldb) at boot to the
ephemeral nodes and that also worked. Although I'm not sure of the downside of this
approach, the upside is the existing uid/gid are preserved.