AD trust configuration

I have an AD trust set up with my IDM servers. I can log in to an IDM client, and have figured out how to override the default shell (/bin/sh) and the home directories using overrides in /etc/sssd/sssd.conf on the client.

Two questions:
1. Is is possible to do the above overrides on the IPA server instead?

2. ls -l displays user@fully.qualified.domain for both user and group. How do I get rid of the domain part of that?

Both the IPA servers and the client are RHEL 7.8.

I have to use domain\user to log in via ssh, but I don't care about that. It would be nice to use just user, but I tried setting:

ipa config-mod --domain-resolution-order=ipa.domain:ad.domain

on the server, that just made ls behaviour worse.