/etc/nsswitch.conf has:
passwd: files sss
shadow: files sss
group: files sss
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files
aliases: files nisplus
/etc/sssd/sssd.conf has:
[sssd]
config_file_version = 2
services = nss, pam
domains = AD
[nss]
filter_users = root
override_shell = /bin/bash
override_homedir = /home/%u
[pam]
[domain/AD]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = ldap
ldap_uri = ldaps://my-ldap-server/
ldap_schema = rfc2307bis
(other ldap settings)
cache_credentials = true
enumerate = false