Hi Sumit,
Thanks a lot for your help.
About:
if I understand it correctly there are groups in AD with GIDs 102242 and 100327 and there are objects (users or groups) in IPA with are using the same number as UID/GID.
It's the other way around, but exactly as you said: there are users (or groups) in freeipa with uid (or gid) 102242 and 100327.
[root@lab6 ~]# id user1(a)addomain2.com uid=105806(user1) gid=106520(group1) groups=106520(group1),104446(group2),104870(group3),102242(group5),100327(group6)
Based on your answer, I am going to create a new id range for new users ir order to avoid this collision in the future. But, obviously, I have a problem with the current uids/gids...
Just one last question, if you could. As far as I know Linux works with uids/gids all the time, do you think this issue with current collisions could cause any real problem? I mean, this is an aesthetic issue or do I have a real mess with permissions?
Thanks again david