As an administrator , I want to change the domain resolution order so that AD trust users can use a short name.
The domain resolution order needs to be set in order to use the short AD user name instead of the full user+domain suffix. SSSD doesn't read the global domain order in IPA for AD users, but it does support local and ID View domain ordering lists to support short names.
Currently, the only way to reliably configure this for AD users is by configuring SSSD's configuration file.
This might be related to the compat tree which also uses those overrides to check if a user matches a user in an AD domain: https://pagure.io/freeipa/issue/7748
CentOS 7 + FreeIPA 4.6.4
to comment on this ticket.