Description of problem:
1> Cannot use name of AD User, but have to use wmic to get SID for this user to
add as a member to an external group
    wmic useraccount get name,sid

2> when adding duplicate AD user behaviour is different from regular duplicate
user

# ipa group-add-member --user=ttt aa
  Group name: aa
  Description: aaa
  External member: s-1-5-21-2048782538-2375889789-2933420090-1175,
s-1-5-21-2048782538-2375889789-2933420090-1176,
                   s-1-5-21-2048782538-2375889789-2933420090-1179,
s-1-5-21-2048782538-2375889789-2933420090-1155,
                   s-1-5-21-2048782538-2375889789-2933420090-1100
  Member users: ttt
  Member groups: ttt
  Failed members:
    member user: ttt: This entry is already a member
    member group:
-------------------------
Number of members added 0
-------------------------

# ipa group-add-member
--external=s-1-5-21-2048782538-2375889789-2933420090-1175 aa
[member user]:
[member group]:
  Group name: aa
  Description: aaa
  External member: s-1-5-21-2048782538-2375889789-2933420090-1175,
s-1-5-21-2048782538-2375889789-2933420090-1176,
                   s-1-5-21-2048782538-2375889789-2933420090-1179,
s-1-5-21-2048782538-2375889789-2933420090-1155,
                   s-1-5-21-2048782538-2375889789-2933420090-1100
  Member users: ttt
  Member groups: ttt
-------------------------
Number of members added 0
-------------------------


2> Can use invalid SIDs - and message says member was added.(-1100 is invalid)

[root@xdong ~]# ipa group-add-member
--external=s-1-5-21-2048782538-2375889789-2933420090-1100
Group name: bb
[member user]:
[member group]:
  Group name: bb
  Description: bb
  External member: s-1-5-21-2048782538-2375889789-2933420090-1175,
s-1-5-21-2048782538-2375889789-2933420090-1100
-------------------------
Number of members added 1
-------------------------


How reproducible:

always

Steps to Reproduce:


Actual results:


Expected results:


Additional info: