Learn more about these different git repos.
Other Git URLs
The SSSD code currently ignores AD built-in groups. There is no mapping
to POSIX IDs for these groups and there is no mapping because there are
no corresponding generic groups on the UNIX/Linux side.
For the most part this is OK, but in GPO code it would be good to not
ignore the built-in groups. It is common practice to include the built
in group Administrators to all "allow" GPO access control rules. With
SSSD not supporting it, the groups either need to specifically allow
the user Administrator or some other gorups such as Domain Admins.
This is not convenient and Active Directory actually prints a warning
if the Administrators built-in group is not member of some allow
access control rule (like Allow log on locally) so we should support
this use case.
to comment on this ticket.