In /etc/sssd/sssd.conf, under the [domain/<domain>] section, add the following config
auto_private_groups = trueAfter the latter config is in place, remove the cached user details
systemctl stop sssd.service
rm -r /var/lib/sss/db/*
systemctl restart sssd.service