The workaround does not seem to work for the root user. I added the root user to the sysadm group and put the following line in the [nss] section of sssd.conf:

filter_users = ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

After restarting sssd the sysadm group does not show up for the root user. This functionality works fine for another local user. Is there additional configuration needed to enable this for the root user?

Thanks,

--Tavi