[SSSD-users] Re: SSSD finds group in AD but doesn't return it

You can try: truncate --size 0 /var/log/sssd/* sss_debuglevel 9 sss_cache -E getent group $groupname sss_debuglevel 0

It's already done, actually. The id_provider=ad defaults to altorithmically mapping UIDs and GIDs from Windows SIDs (see the section "ID MAPPING" in the sssd-ad manpage). So I think the only reason the group could have been marked as non-POSIX (and at that point, the group being non-POSIX is just internal SSSD lingo) could be the group type which would only be shown with a higher debug level I think.