[nss]
filter_groups = root,adm
filter_users = root,adm
reconnection_retries = 3

[pam]
reconnection_retries = 3

[sssd]
###domains###
config_file_version = 2
services = nss, pam

###[domain/###
###ad_domain###
###krb5_realm###
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
ad_gpo_access_control = permissive
ad_gpo_ignore_unreadable = true
enumerate = true
auth_provider = ad
chpass_provider = ad
dyndns_update = true
dyndns_update_ptr = false
###ad_hostname###
ldap_schema = ad
ldap_sasl_mech = gssapi
ldap_krb5_init_creds = true