Disabling domain discovery in sssd is not working.
Issue
- We have two AD domains in a parent\child structure; example.com and child.example.com. Resources in each domain, other than domain controllers, are on isolated subnets. In short, our Linux servers in child.example.com do not have network access to example.com in any way.
- After we’ve joined our Linux servers to child.example.com, some users cannot authenticate some of the time. We’ve narrowed the cause of the issue down to the Linux servers using domain discovery with AD DNS and attempting to resolve example.com through the child.example.com DNS SRV records.
- Since there is no network connectivity, our example.com DCs are unreachable and this is causing sssd to work in offline mode, so when a user tries to authenticate on a Linux server in child.example.com, AD authentication isn’t even attempted and users are not found.
- We need to limit sssd to ONLY reference and authenticate against our two child.example.com DCs and not DCs in any other domain that we currently have or may add in the future.
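The following sssd.conf fragment is an added illustration of the two settings that govern the behaviour described above; it is not the article's resolution (which is not visible here) and assumes a host already joined to child.example.com with the AD provider. The DC hostnames dc1.child.example.com and dc2.child.example.com are placeholders. With `ad_server` listing explicit hosts instead of `_srv_`, sssd no longer queries SRV records to locate DCs for the joined domain; `subdomains_provider = none` stops it from enumerating trusted domains (including the parent, example.com), which is what removes the unreachable parent DCs from the lookup path.

```ini
# /etc/sssd/sssd.conf (added example, not from the article; hostnames are placeholders)
[sssd]
config_file_version = 2
services = nss, pam
domains = child.example.com

[domain/child.example.com]
id_provider = ad
access_provider = ad
ad_domain = child.example.com

# Pin the DCs instead of discovering them from DNS SRV records.
# The default "_srv_" keyword is what triggers SRV-based discovery;
# leaving it out of this list disables that discovery for this domain.
ad_server = dc1.child.example.com, dc2.child.example.com

# Do not discover or contact trusted domains (e.g. the parent example.com).
# Side effect: users from other domains in the forest will not resolve on
# this host, which matches the requirement of only using child.example.com DCs.
subdomains_provider = none

# Keep the cache so existing entries survive a restart (default, stated for clarity).
cache_credentials = true
```

After editing, the file must stay mode 0600 and owned by root, and sssd must be restarted (`service sssd restart` on RHEL 6, `systemctl restart sssd` on RHEL 7). A quick check that the parent domain is no longer being contacted is to watch `/var/log/sssd/sssd_child.example.com.log` at a raised `debug_level` for SRV lookups of example.com after a login attempt; with the settings above there should be none.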
Environment
- Red Hat Enterprise Linux 7.0
- Red Hat Enterprise Linux 6.0
- sssd-1.11.6-30