SSSD Authentication to Windows Domain without @domain.com everywhere
The 'default_domain_suffix' answer is valid for users from a trusted domain (i.e. IPA-AD trust is in place).
However, if your setup only has one domain, then removing "use_fully_qualified_names=True" from the config is an easier way.