What is described is the expected behavior.

Non-mapped (static)

ldap_id_mapping = false

UID and GID values are stored in Active Directory attributes (uidNumber and gidNumber in LDAP parlance) and read by the daemon when the user or group is referenced. If other standard POSIX attribute values are populated (loginShell, homeDirectory, gecos) they will be read as well.

Mapped (calculated)

ldap_id_mapping = true

UID and GID values are calculated using an algorithm run against Active Directory user and group Security Identifiers (SIDs) to generate unique UID and GID values. Because the object SIDs do not change, these values persist across servers running the SSSD.

Whether to use mapped or non-mapped UID/GID values is a design choice you want to make at the front side of deployments. As soon as file systems are involved (as UID and GID values are written to them) swapping modes is not a trivial undertaking.


Hoping to have helped,


-- lawrence
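An added example, not code from the post above or from SSSD itself, reconstructing the mapped-mode (ldap_id_mapping = true) calculation the reply describes: the domain part of the SID is hashed into one of the ID slices and the object's RID is added to that slice base. It assumes the documented sssd.conf defaults for ldap_idmap_range_min/max/size, MurmurHash3 x86_32 with seed 0xdeadbeef over the domain SID string, and a constructed domain SID; secondary slices for RIDs beyond the slice size are not modelled.

```python
# Reconstruction of SSSD's SID-to-ID mapping (added example, not SSSD code).
# Parameters below are assumed defaults from the sssd-ldap man page.
IDMAP_RANGE_MIN = 200000        # ldap_idmap_range_min (assumed default)
IDMAP_RANGE_MAX = 2000200000    # ldap_idmap_range_max (assumed default)
IDMAP_RANGE_SIZE = 200000       # ldap_idmap_range_size (assumed default)
IDMAP_HASH_SEED = 0xDEADBEEF    # hash seed assumed for the domain SID
M32 = 0xFFFFFFFF

def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & M32

def murmurhash3_x86_32(data: bytes, seed: int) -> int:
    """Standard MurmurHash3, x86 32-bit variant."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h1 = seed & M32
    nblocks = len(data) // 4
    for i in range(nblocks):                        # 4-byte little-endian blocks
        k1 = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k1 = _rotl32((k1 * c1) & M32, 15)
        k1 = (k1 * c2) & M32
        h1 = _rotl32(h1 ^ k1, 13)
        h1 = (h1 * 5 + 0xE6546B64) & M32
    tail = data[4 * nblocks:]                        # trailing 1..3 bytes
    k1 = 0
    for j in range(len(tail) - 1, -1, -1):
        k1 ^= tail[j] << (8 * j)
    if tail:
        k1 = _rotl32((k1 * c1) & M32, 15)
        h1 ^= (k1 * c2) & M32
    h1 ^= len(data)                                  # finalisation mix
    h1 ^= h1 >> 16
    h1 = (h1 * 0x85EBCA6B) & M32
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & M32
    return h1 ^ (h1 >> 16)

def split_sid(sid: str) -> tuple:
    """'S-1-5-21-a-b-c-1104' -> ('S-1-5-21-a-b-c', 1104)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def domain_range_base(domain_sid: str) -> int:
    """Hash the domain SID string into one of the fixed-size ID slices."""
    slices = (IDMAP_RANGE_MAX - IDMAP_RANGE_MIN) // IDMAP_RANGE_SIZE
    slice_no = murmurhash3_x86_32(domain_sid.encode(), IDMAP_HASH_SEED) % slices
    return IDMAP_RANGE_MIN + slice_no * IDMAP_RANGE_SIZE

def sid_to_id(sid: str) -> int:
    """Mapped UID/GID = slice base of the domain + the object's RID."""
    domain_sid, rid = split_sid(sid)
    if rid >= IDMAP_RANGE_SIZE:   # would need a secondary slice; not modelled here
        raise ValueError("RID exceeds ldap_idmap_range_size")
    return domain_range_base(domain_sid) + rid

DEMO_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed, not real
```

Because the slice depends only on the domain SID, two hosts with the same idmap settings compute the same UID for the same user, which is the persistence the reply refers to.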