Feature: A new option, ad_access_filter was added to the AD provider of SSSD.
Reason: Previously, only the ldap_access_filter could be used by the administrator. Setting this option with an AD provider required setting several low-level LDAP connection details. Moreover, the ldap_access_filter could only be used globally, the new ad_access_filter can be set per AD domain as well.
Result (if any): If the ad_access_filter option is set in sssd.conf file, only users who match the filter are allowed access to the machine.