[SSSD-users] Weird issue with "Couldn't invalidate user" - SSSD-AD

Hello, I've begun to see the oddest thing within our AD environment on Linux clients (Ubuntu 20, 22). During logins I see "groups: cannot find name for group ID". Then during various operations (eg when installing a package that has scripts that create local users, such as postgresql) I see a few of the same userIDs listed as terminal output like this: Couldn't invalidate user jim.bob(a)domain.college.edu Couldn't invalidate user sally.sue(a)domain.college.edu Couldn't invalidate user joe.nobody(a)domain.college.edu Reading through what little comes up in Google for 'Couldn't invalidate user' + sssd, I found old bugs about not being able to invalidate groups in the sss_cache. That got me far enough to have a repeatable action to force this output: # sss_cache -UG Couldn't invalidate user jim.bob(a)domain.college.edu Couldn't invalidate user sally.sue(a)domain.college.edu Couldn't invalidate user joe.nobody(a)domain.college.edu I've tried ramping up debugging on my AD domain entry in sssd.conf to 9 but I'm not seeing anything that jumps out. Any ideas? Thanks!