sssd can work with Active Directory servers that do not have POSIX attributes set up for users. It does this by algorithmically mapping Windows SIDs to Unix UIDs. The mapping is deterministic, so it is the same on any machine (and hence usable in a cluster).
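The sketch below is an added example, not code from sssd or tl-ldap-certalias. It shows why the mapping comes out identical on every machine: the domain part of the SID is hashed to pick a UID slice, and the RID is added as an offset within that slice. Assumptions: the range defaults are the ones documented for `ldap_idmap_range_min`, `ldap_idmap_range_max` and `ldap_idmap_range_size`, the hash seed is taken to be the one sssd uses, the SIDs are constructed, and slice collisions and RIDs larger than one slice are not modelled.

```python
"""Sketch of sssd-style algorithmic SID -> UID mapping (added example)."""
M32 = 0xFFFFFFFF
SEED = 0xDEADBEEF  # assumption: seed used by sssd's idmap code


def _rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & M32


def murmur3_32(data: bytes, seed: int) -> int:
    """MurmurHash3 x86_32, little-endian blocks."""
    h = seed & M32

    def mix(k):
        return (_rotl((k * 0xCC9E2D51) & M32, 15) * 0x1B873593) & M32

    n = len(data) - len(data) % 4
    for i in range(0, n, 4):
        h ^= mix(int.from_bytes(data[i:i + 4], "little"))
        h = (_rotl(h, 13) * 5 + 0xE6546B64) & M32
    if data[n:]:
        h ^= mix(int.from_bytes(data[n:], "little"))
    h ^= len(data)
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & M32
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & M32
    return h ^ (h >> 16)


def sid_to_uid(sid, range_min=200000, range_max=2000200000, range_size=200000):
    """Map a user SID to a UID: hash the domain SID to a slice, add the RID."""
    domain_sid, _, rid_text = sid.rpartition("-")
    rid = int(rid_text)
    if not domain_sid.startswith("S-1-") or rid >= range_size:
        raise ValueError("unsupported SID or RID outside one slice")
    slices = (range_max - range_min) // range_size
    slice_no = murmur3_32(domain_sid.encode("ascii"), SEED) % slices
    return range_min + slice_no * range_size + rid


if __name__ == "__main__":
    # Constructed SIDs: two users in one made-up domain.
    for sid in ("S-1-5-21-1111111111-2222222222-3333333333-1104",
                "S-1-5-21-1111111111-2222222222-3333333333-1105"):
        print(sid, "->", sid_to_uid(sid))
```

Because the result depends only on the SID and the configured ranges, every host must use the same range settings to get the same UIDs.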
However, we do not support this mode in tl-ldap-certalias, which requires POSIX attributes on users in order to map them properly.
Looks like Microsoft is slowly forcing everyone into the auto-generated uid/gid direction by removing the GUI to set the Unix attributes on objects in an AD: