Using users from Active Directory through sssd to run services, or not


Hello Community,

Because I'm very new to the following topic, the title of this thread may sound a bit fishy. Please bear with me and ask if something is hard to understand.

My questions are related to the following example:

We integrated our RHEL 7 systems into Active Directory using realmd and sssd, following Chapters 2.5 and 3 of the Windows Integration Guide.

We are thinking about using the users from Active Directory to run services on our RHEL 7 hosts. But in case the host loses its connection to the domain controller and the local cache times out, the service would break. To avoid this we thought we could create a user account in Active Directory with uidNumber and gidNumber and then create a local system user with the same uid and gid. The user should exist in Active Directory so that we can check whether a specific user already exists or not, and, in case it exists, use the same uid and gid for the locally created user. This way we would avoid mixed-up uids on file shares. But if a host is aware that a user account already exists in Active Directory, it will prevent the creation of a local user with the same name. And at this point I am lost.

How do you manage situations like the one described in the example above? Do you run your services with users from Active Directory, or do you only use local system users? In the first case, how do you prevent the service from crashing when the host loses its connection to the domain controller? In the second case, how do you prevent multiple uids and gids for a user (e.g. Bob) across multiple systems?

Where could I find information on this topic? Are there any best practices?

Any help is appreciated.

Best regards,
Joerg

EDIT: Fixed some very bad typos.
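The consistency check the question is asking for, as an added example that is not part of the original post: given the passwd(5) entry sssd resolves from Active Directory and the entry for the same name in the local files, it reports whether the uid and gid agree, so an account that was created locally with a different uid than its AD counterpart is caught before it shows up as wrong ownership on a file share. The wrapper assumes `getent -s sss` and `getent -s files` are available to query each NSS source separately (an assumption; on RHEL 7 glibc supports `--service`), and the sample entries in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread. Compares the Active Directory
# account that sssd returns with the local account of the same name and flags
# uid/gid drift between the two.

# passwd_field LINE N: field N (1-based) of a passwd(5) line
#   name:passwd:uid:gid:gecos:home:shell
passwd_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# check_uid_consistency AD_LINE LOCAL_LINE
#   AD_LINE    - entry from the sss NSS source (empty if unknown in AD)
#   LOCAL_LINE - entry from the files NSS source (empty if no local account)
# Exit status: 0 both exist and uid and gid agree
#              1 both exist but uid or gid differ
#              2 the account is missing on one side
check_uid_consistency() {
    ad_line=$1
    loc_line=$2
    [ -n "$ad_line" ] && [ -n "$loc_line" ] || return 2
    ad_uid=$(passwd_field "$ad_line" 3)
    ad_gid=$(passwd_field "$ad_line" 4)
    loc_uid=$(passwd_field "$loc_line" 3)
    loc_gid=$(passwd_field "$loc_line" 4)
    [ "$ad_uid" = "$loc_uid" ] && [ "$ad_gid" = "$loc_gid" ]
}

# check_account_on_host NAME: queries both NSS sources on this host and prints
# a one-line verdict. Assumes getent's -s/--service option (hypothetical here,
# present in glibc's getent).
check_account_on_host() {
    name=$1
    ad=$(getent -s sss passwd "$name" 2>/dev/null)
    loc=$(getent -s files passwd "$name" 2>/dev/null)
    rc=0
    check_uid_consistency "$ad" "$loc" || rc=$?
    case $rc in
        0) echo "$name: local uid/gid matches Active Directory" ;;
        1) echo "$name: MISMATCH - AD $(passwd_field "$ad" 3):$(passwd_field "$ad" 4)," \
                "local $(passwd_field "$loc" 3):$(passwd_field "$loc" 4)" ;;
        2) echo "$name: not present in both sources (AD: ${ad:+yes}${ad:-no}, local: ${loc:+yes}${loc:-no})" ;;
    esac
    return $rc
}

# Usage: sh check_uid.sh bob
if [ -n "${1:-}" ]; then
    check_account_on_host "$1"
fi
```

Run it on every host that should carry the same service account; a non-zero exit on any of them means that host's local user does not line up with the uidNumber/gidNumber stored in Active Directory.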
