Hi, I have a domain "example.com" which has several child domains "abc.example.com", "def.example.com", "ghi.example.com". I have joined my CentOS 6.8 server to the domain "example.com" using adcli and my sssd version is sssd-1.13.3-22 Here is my sssd.conf: ====================== BEGIN ======================= [sssd] services = nss, pam, ssh config_file_version = 2 domains = example.com [pam] pam_id_timeout = 20 [domain/example.com] id_provider = ad auth_provider = ad ldap_id_mapping = true cache_credentials = true override_homedir = /home/%u subdomain_enumerate = all krb5_auth_timeout = 20 [nss] override_shell = /bin/bash ======================== END ========================= I have user1 in example.com and user2 in abc.example.com when I run "getent passwd user1" I get the expected output. user1:*:123456789:987654321:User 1:/home/user1:/bin/bash But when I run "getent passwd user2", I do not get any output. And when I run "getent passwd user2(a)abc.example.com", I get the output as follows; user2@abc.infores.com:*:123456780:987654321:User 2:/home/user2:/bin/bash I would like to use only the username (without the child domain name suffix) for all purposes (login/id command/getent command etc). How can I get the getent output for the IDs in the child domain to be the same as the getent output for IDs in the parent domain? I have read the man pages and also tried the "use_fully_qualified_names = false" option. It didn't help the child domain IDs Thanks in advance,