Hi,
I've read a few tutorials on providing user logins via AD, and they usually involve a complicated setup with a few dependencies that look ripe for breaking,. They talk about Samba mounting home dirs and registering into dynamic DNS, which is not what I need. Just plain simple username+password and groups.

In the past I used NSLCD alone to allow RHEL7 clients to LDAP authentication for user+group credentials only. It is reliable an never broke.
It was a year ago for a different company, so I've forgotten some details.

But from memory it was like this: ( Admittedly don't recall needing to configure or run sssd.conf but maybe I did ).

cat /etc/nslcd.conf

uid nslcd
gid ldap
uri ldaps://ldap3.me.local ldaps://ldap2.me.local ldaps://ldap1.me.local ldaps://ldap4.me.local
base o=fred
ssl yes
tls_cacertdir /etc/openldap/cacerts

grep ldap /etc/nssswitch.conf

passwd: file sss ldap
shadow: files sss ldap
group: files sss ldap

authconfig --enableldap

Can I do something simple with Active Directory user credentials? The AD is a single forest.