For RHEL7 and RHEL8 sssd, it can see domain-local AD groups (from the local
domain) + global groups (from the local domain) + universal groups (from
all trusted domains).
Yet it cannot see global groups from non-local trusted domains. We have
those team convert the group to universal groups and problem solved.
(don't use many global groups anyway),
Is this expected behaviour?
in the /etc/sssd/sssd.conf file, the local domain is defined and then the
other trusted domains are auto-discovered. so that it's searching the GC
to find universal group memberships. I mention the trusted domains in
Like I say -- this is not a big problem. We rarely use global groups
anyway. Just curious if this is expected behaviour.