We have an existing set of users in a local passwd file.
I want to run sss_override to create mappings from the AD SID numbers to the existing uid numbers.

What is the consensus on running sss_override?
I can script it to either parse through the existing passwd file and make an override entry per user,
or to parse the file and create an import file which is run once with import-user.

But when is a good time to run this?

In a daily cron job

When sssd is started, which would involve editing the systemd unit file

Creating a new systemd service which depends on sssd.service. This service runs sss_override and then restarts sssd.service.

Or am I misunderstanding something?

I am assuming here we have on-disk sssd databases. If the databases are on a tmpfs then clearly the sss_override must be run at boot time by one of the above methods also.
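
A sketch of the "parse the passwd file and create an import file" option, added here as an example and not part of the original post. It writes lines in the format read by `sss_override user-import` and refuses to pin root, system, malformed or duplicate-uid entries to a directory account. It assumes the AD login name equals the local login name; `passwd_to_override`, `sample_passwd`, `MIN_UID` and `MAX_UID` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): turn a passwd-format file into
# an import file for `sss_override user-import`.
# Assumptions: the AD login name equals the local login name, and only
# ordinary accounts (MIN_UID..MAX_UID) may be pinned to a directory user.
MIN_UID="${MIN_UID:-1000}"
MAX_UID="${MAX_UID:-60000}"

# Import line format, 8 fields (empty field = leave the attribute alone):
#   original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate
passwd_to_override() {
    awk -F: -v min="$MIN_UID" -v max="$MAX_UID" '
        function skip(why) { printf "skip line %d: %s\n", NR, why > "/dev/stderr" }
        /^#/ || /^[ \t]*$/                   { next }
        NF != 7                              { skip("not 7 fields"); next }
        $1 !~ /^[A-Za-z_][A-Za-z0-9_.-]*$/   { skip("unexpected login name"); next }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { skip("non-numeric uid/gid"); next }
        # Never map a directory account onto root or a system/service uid.
        $3 + 0 < min || $3 + 0 > max         { skip("uid outside range"); next }
        # Two logins sharing one uid would give two AD users the same files.
        seen[$3]++                           { skip("duplicate uid " $3); next }
        # Override uid and gid only; name, gecos, home and shell stay as in AD.
        { printf "%s::%s:%s::::\n", $1, $3, $4 }
    ' "$1"
}

# Constructed sample data, for illustration only.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:x:1002:100:Bob Example:/home/bob:/bin/bash
bob2:x:1002:100:Duplicate uid:/home/bob2:/bin/bash
broken:x:abc:100::/home/broken:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# Usage: ./passwd2override.sh /etc/passwd > overrides.txt
if [ "$#" -ge 1 ]; then
    passwd_to_override "$1"
fi
```

Review the skipped lines on stderr before loading the result with `sss_override user-import overrides.txt`. The overrides are stored in the SSSD cache, so the import has to be repeated if that cache is removed.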