I like the idea of storing a unique UID in the AD attribute for a user. Using sssd to do it means you have to define the same mapping on each sssd implementation. This means you have more chance of getting it wrong with a typo or editing stuff up, and that means you could have users creating files with the wrong UID that then need to be cleaned up. The other problem is users having an incorrect UID reading files they should not have access to.
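To make the trade-off above concrete, here is an added sssd.conf fragment (example configuration written for this page, not the poster's own config or any project's reference file) showing the two approaches side by side: the per-host algorithmic ID mapping that has to be kept identical on every machine, and the alternative of reading the uidNumber/gidNumber stored on the AD user object. The domain name EXAMPLE.COM and the range values are assumptions chosen for illustration.

```ini
# /etc/sssd/sssd.conf (example, not from the original post)

[sssd]
domains = EXAMPLE.COM
services = nss, pam
config_file_version = 2

# Option A: sssd generates UIDs itself from the object SID.
# Every host must carry exactly the same range settings, otherwise the same
# AD user resolves to a different UID on different machines and files on
# shared storage end up owned by (or readable by) the wrong account.
[domain/EXAMPLE.COM]
id_provider = ad
access_provider = ad
ldap_id_mapping = True
ldap_idmap_range_min = 200000
ldap_idmap_range_max = 2000200000
ldap_idmap_range_size = 200000
# A typo in any of the three values above on one host silently changes
# the UIDs that host assigns.

# Option B: read the UID/GID stored on the AD user object (POSIX attributes),
# so the single source of truth is the directory, not each host's config.
# [domain/EXAMPLE.COM]
# id_provider = ad
# access_provider = ad
# ldap_id_mapping = False
# ldap_user_uid_number = uidNumber
# ldap_user_gid_number = gidNumber
# Users without uidNumber/gidNumber set in AD will not resolve at all,
# which is a loud failure rather than a silent wrong-UID one.
```

With option B, the check worth running after a change is `id <user>` on two different hosts and confirming the numbers match the uidNumber on the AD object; with option A the same check is the only way to notice a host whose range settings have drifted.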