MAN: Add note about AD Group types

Linux admins/users may not know that the AD distribution group type is intended only for email. Per microsoft: Distribution groups are not security enabled, which means that they cannot be listed in discretionary access control lists (DACLs).
SSSD · Jul 14, 2022 · fe284e7 · fe284e7
1 parent f9d3658
commit fe284e7
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
@@ -109,6 +109,10 @@ ldap_id_mapping = False
             case-insensitive in the AD provider for compatibility with Active
             Directory's LDAP implementation.
         </para>
+        <para>
+            SSSD only resolves Security-enabled Active Directory group types.
+            (e.g. Not <quote>distribution</quote> groups)
+        </para>
     </refsect1>
 
     <refsect1 id='configuration-options'>