SSSD not returning all members from AD groups containing more than 1500 members
Issue
- Certain members of an AD group fail to authenticate whereas other members of the same group can authenticate.
-
The
getentcommand does not return all members of the AD group.# getent -s sss passwd LinuxUsers -
Secondary groups are not listed when the
idcommand is run to display the groups, a user belongs to.
Environment
- Red Hat Enterprise Linux (RHEL) 9.y
- SSSD
- Direct integration with Microsoft Active Directory (AD)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.