Hi Jakub,
I've managed to catch the error again with my own machine, so this time I've had time to properly capture the issue. I've been looking into the logs, and what seems to be happening is that we have multiple AD domains active. I want to know if this is heard of: our local AD domain and a trusted forest are being used as active domains in LDAP searches. Our local AD responds to a be request from sssd_be and fills the correct group into the nss cache; then it gets a response from the trusted domain, and the group doesn't exist, so it overwrites the cache with no such group. I think the intermittent issue occurs because sometimes LDAP will query the remote forest and other times the local. Please advise on whether this is plausible or not.
Thanks, Jamal