Cause: The sss_useradd and sss_groupadd tools scan the ID space for system accounts as configured by /etc/login.defs rather aggresivelly, looking for an unused ID. At the same time, the subdomain code didn't honor the min_id/max_id settings, so even setting a high min_id didn't help.
Consequence: Adding a system account using the sss_useradd or sss_groupadd tools took very long time as sssd was being hammered with getpwuid()/getgrgid() requests.
Fix: The subdomain code was fixed to honor the min_id/max_id configuration options.
Result: If the sssd is properly configure with min_id options, scanning the ID space is rather fast. At the same time, future versions of shadow-utils will scan the ID space more efieciently.