Not all group memberships are shown for a user after a login to a machine that is enrolled in AD.

Solution Verified - Updated 2017-09-22T13:40:55+00:00 -

Issue

A machine is directly enrolled into a Windows Active-Directory domain
After a user login, 'id' does not show all the Windows groups the user is a member of
When host-based access control is in place which is based on group -memberships, this can even prevent users to login

Environment

Red Hat Enterprise Linux
System Security Services Daemon (sssd)
Client machine directly enrolled into Active-Directory

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2026 Red Hat

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)