Hi Rowland,
You cannot have a 'user' object and a 'group' object with the same name,
I know that, that's what I pose in my original post if you read it. The sAMAccountName has to be unique, but this doesn't seem to apply to display name, for example.
Furthermore, the example you give is a 'local unix' user and should not be put into AD. If you did put them into AD, you would have to remove them from /etc/passwd and if the domain went down for some reason, you would have NO USERS at all.
So what? Does sssd not provide local credentials caching? Isn't AD fault-tolerant/highly-available across several hosts? Housing Linux "service accounts" in AD is a very common practice.
If you are going to use AD, then I suggest that you do a bit more research, it will not work the way you want it to, this has nothing to do with sssd.
Based on your response it would seem this advice applies more to yourself : )
-AP