# Core SSSD settings: which responders run and which domains are served.
[sssd]
# sssd.conf format version.
config_file_version = 2  
# Responders to start: NSS (user/group lookups) and PAM (authentication).
# NOTE(review): no sudo responder is listed; if nsswitch.conf uses "sudoers: files sss",
# confirm the sudo responder is enabled some other way (e.g. socket activation).
services = nss, pam  
# Must match the name used in the [domain/...] section header.
domains = domain.local 
 
# NSS responder settings.
[nss]  
# Never resolve root (user or group) through SSSD, so root always comes from local files.
filter_groups = root  
filter_users = root  
# How many times the responder tries to reconnect after a data provider crash or restart.
reconnection_retries = 3  
 
# PAM responder: no overrides are set, so SSSD defaults apply.
[pam]  

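# Domain backed by Active Directory over LDAPS, using a service-account bind.
# This file holds a bind credential: keep it owned by root with mode 0600.
[domain/domain.local]
# General
# NOTE(review): level 7 is verbose troubleshooting output and the domain log can
# expose account and directory details. Lower it once the setup works.
debug_level = 7
# NOTE(review): enumeration caches every user and group under the search bases;
# on a large directory this is slow and stores far more data than logins need.
enumerate = true
# AD account names are case-insensitive.
case_sensitive = false
# Stores credential hashes in the local cache so users can log in while LDAP is
# unreachable; protect the SSSD cache directory accordingly.
cache_credentials = true
# UIDs/GIDs below this value are ignored by SSSD.
min_id = 100

# Providers
id_provider = ldap
auth_provider = ldap
# Login is limited to the groups listed in simple_allow_groups below.
access_provider = simple
chpass_provider = ldap

# LDAP General
# StartTLS is off because ldap_uri uses ldaps://, which is TLS from the first byte.
ldap_id_use_start_tls = false
# Attribute names are remapped to the AD ones under "LDAP Class settings".
ldap_schema = rfc2307bis
ldap_tls_cacertdir = /etc/openldap/certs
# Require a valid server certificate. This matches the SSSD default and is set
# explicitly so certificate checking is not relaxed by accident.
ldap_tls_reqcert = demand

# LDAP user search settings
ldap_user_search_base = DC=domain,DC=local

# LDAP group search settings
ldap_group_search_base = DC=domain,DC=local

# LDAP Class settings
ldap_user_object_class = user
ldap_user_principal = userPrincipalName
ldap_user_name = sAMAccountName
ldap_user_gecos = displayName
ldap_group_object_class = group
ldap_group_name = sAMAccountName
ldap_user_home_directory = unixHomeDirectory
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber

# LDAP connection settings
ldap_uri = ldaps://ldap.domain.local:636
# Use a dedicated, read-only directory account for this bind.
ldap_default_bind_dn = CN=linux_ldap,CN=Users,DC=domain,DC=local
# NOTE(review): obfuscation is reversible and is not encryption; anyone who can
# read this file can recover the bind password. Prefer GSSAPI or a client
# certificate where possible. The value below is a placeholder for the string
# produced by sss_obfuscate.
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = obfuscatedpassword

# Access settings via simple
# Only members of this group may log in.
simple_allow_groups = linux-ldap-full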

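Set the following UNIX attributes on each AD user (replace x with numeric IDs; with min_id = 100 in the configuration above, SSSD ignores IDs below 100):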

unixHomeDirectory: /home/name
loginShell: /bin/bash
uidNumber: x
gidNumber: x

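Add to /etc/nsswitch.conf (the sss source only works if SSSD's sudo responder is running; the configuration above lists only nss and pam under services):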

sudoers: files sss

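Add to /etc/sudoers using visudo (this grants every member of the group unrestricted root through sudo, so keep the group's membership tightly controlled):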

%active-directory-ad-group ALL=(ALL) ALL

Create this entry in /etc/group:

active-directory-ad-group:x:10000:active-directory-ad-group