SSSD storing wrong shell in cache
You can set a default shell in the [nss] section:
[nss]
# Fallback login shell, used when the identity provider returns no shell for a user.
default_shell = /bin/bash
To force a specific shell instead, set override_shell = <your shell>. The option is documented as:
override_shell (string)
Override the login shell for all users. This option can be specified globally in the [nss] section or per-domain.
Edit 1: for group-specific shells, define one SSSD domain per group and set override_shell in each:
# Example sssd.conf: one SSSD domain per AD group, so each group gets its own shell.
# Keep this file owned by root with mode 0600; SSSD checks ownership and permissions at startup.
[sssd]
config_file_version = 2
services = nss, pam
# Domains are queried in the order listed, so the group-restricted domains
# must come before the catch-all DOMAIN.
domains=DOMAIN_GROUP1,DOMAIN_GROUP2,DOMAIN
[nss]
# Fallback shell for any user whose domain sets no override and whose
# provider returns no shell.
default_shell = /bin/bash
[domain/DOMAIN_GROUP1]
id_provider = ad
# NOTE(review): ad_domain (mydomain.local) does not match the ad_server names
# and search base (domain.local) below; substitute your real domain consistently.
ad_domain = mydomain.local
ad_server = mydc01.domain.local,mydc02.domain.local,mydc03.domain.local
# Limit this domain's user lookups to members of group1.
# NOTE(review): memberOf matches direct membership only (not nested groups or
# the AD primary group), and a user filtered out here is still resolved by a
# later, broader domain. This selects which settings apply; it is not access
# control. Use access_provider / ad_access_filter to decide who may log in.
ldap_user_search_base = DC=domain,DC=local?subtree?(memberOf=CN=group1,OU=Groups,DC=domain,DC=local)
# Login shell forced for every user resolved through this domain.
override_shell = /shell/path/for/group1
# Home directory template; %u expands to the login name.
override_homedir = /home/%u
# Repeat the same pattern for each additional group.
[domain/DOMAIN_GROUP2]
..........
..........
..........
Hope this will help.