This bug is created as a clone of upstream ticket:
The Active Directory objectGUID LDAP attribute is returned as a binary value which is currently not handled well by SSSD. There is a string representation defined in [MS-DTYP] section 220.127.116.11 which should be used to store the attribute to the cache. Only the surrounding curly braces should be dropped because they cannot be used for LDAP searches.
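The conversion described in the report, as an added example that is not SSSD's own code: a 16-byte objectGUID value is rendered in the dashed string form with the curly braces left off. The helper name `guid_bin_to_str`, the lowercase hex output and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUID_BIN_LEN 16
#define GUID_STR_LEN 36              /* 8-4-4-4-12 hex digits plus 4 dashes */

/* Constructed sample value, not taken from any real directory. */
static const uint8_t sample_guid[GUID_BIN_LEN] = {
    0x40, 0xfc, 0x29, 0x6b, 0x47, 0xca, 0x67, 0x10,
    0xb3, 0x1d, 0x00, 0xdd, 0x01, 0x06, 0x62, 0xda
};

/*
 * Hypothetical helper: render a binary objectGUID as a brace-less string.
 * Returns 0 on success, -1 on a bad length or a too-small output buffer.
 */
int guid_bin_to_str(const uint8_t *bin, size_t bin_len, char *out, size_t out_len)
{
    if (bin == NULL || out == NULL) return -1;
    if (bin_len != GUID_BIN_LEN || out_len < GUID_STR_LEN + 1) return -1;

    /* Data1 (32 bit), Data2 and Data3 (16 bit) are stored little-endian. */
    unsigned int d1 = (unsigned int)bin[0] | (unsigned int)bin[1] << 8 |
                      (unsigned int)bin[2] << 16 | (unsigned int)bin[3] << 24;
    unsigned int d2 = (unsigned int)bin[4] | (unsigned int)bin[5] << 8;
    unsigned int d3 = (unsigned int)bin[6] | (unsigned int)bin[7] << 8;

    /* Data4 is a plain byte array and is printed in storage order. */
    int n = snprintf(out, out_len,
                     "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
                     d1, d2, d3, bin[8], bin[9], bin[10], bin[11],
                     bin[12], bin[13], bin[14], bin[15]);
    return n == GUID_STR_LEN ? 0 : -1;
}

int main(void)
{
    char str[GUID_STR_LEN + 1];
    if (guid_bin_to_str(sample_guid, sizeof(sample_guid), str, sizeof(str)) != 0) {
        fprintf(stderr, "invalid objectGUID value\n");
        return 1;
    }
    printf("%s\n", str);
    return 0;
}
```

The length check matters because the value arrives as an arbitrary binary blob from the directory; anything other than 16 bytes is rejected instead of being formatted.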
*** Bug 1215925 has been marked as a duplicate of this bug. ***
Verified via automation run against a large number of user and group sets on AD. Verified in sssd-1.12.4-42.el6.x86_64
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.