@jwward65,
Like I said on a track, we had a conversation with Red Hat about your problem and they confirmed that a new IdM functionality in RHEL version 7.4 (which was released less than two weeks ago) has the ability to authenticate users from multiple Active Directory domains using short names:
SSSD supports user and group lookups and authentication with short names in AD environments
Previously, the System Security Services Daemon (SSSD) supported user names without the domain component, also called short names, for user and group resolution and authentication only when the daemon was joined to a standalone domain. Now, you can use short names for these purposes in all SSSD domains in these environments:
On clients joined to Active Directory (AD)
In Identity Management (IdM) deployments with a trust relationship to an AD forest
The output format of all commands is always fully-qualified even when using short names. This feature is enabled by default after you set up a domain's resolution order list in one of the following ways (listed in order of preference):
Locally, by configuring the list using the domain_resolution_order option in the [sssd] section of the /etc/sssd/sssd.conf file
By using an ID view
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/new_features_authentication_and_interoperability.html
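
The following is an added example, not part of the original post or of Red Hat's documentation: once short names work across several AD domains, the same short name can exist in more than one domain, and the resolution order decides which account answers. The sketch reads `domain_resolution_order` from a constructed `sssd.conf` fragment and reports ambiguous short names. It assumes the comma-separated list form used in `sssd.conf`, placeholder domain names, a constructed user inventory, and a simplified first-match model.

```python
import configparser

# Constructed sssd.conf fragment; the domain names are placeholders.
SAMPLE_CONF = """
[sssd]
services = nss, pam
domains = corp.example.com
domain_resolution_order = emea.corp.example.com, corp.example.com
"""

# Constructed inventory: short names known to exist in each AD domain.
SAMPLE_USERS = {
    "corp.example.com": {"jsmith", "backup", "alice"},
    "emea.corp.example.com": {"jsmith", "bob"},
    "apac.corp.example.com": {"backup", "carol"},
}

def resolution_order(conf_text):
    """Return the domain_resolution_order list from the [sssd] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    raw = cp.get("sssd", "domain_resolution_order", fallback="")
    return [d.strip().lower() for d in raw.split(",") if d.strip()]

def audit_short_names(order, users_by_domain):
    """Map each ambiguous short name to (winning domain, shadowed domains).

    Simplified model (an assumption of this example): the first listed
    domain that contains the name answers. Lookup order among domains
    missing from the list is not modelled, so the winner is None when no
    listed domain holds the name.
    """
    findings = {}
    names = set().union(*users_by_domain.values())
    for name in sorted(names):
        holders = [d for d in users_by_domain if name in users_by_domain[d]]
        if len(holders) < 2:
            continue  # unique short name, nothing to review
        ranked = [d for d in order if d in holders]
        winner = ranked[0] if ranked else None
        shadowed = sorted(d for d in holders if d != winner)
        findings[name] = (winner, shadowed)
    return findings

if __name__ == "__main__":
    order = resolution_order(SAMPLE_CONF)
    for name, (winner, shadowed) in audit_short_names(order, SAMPLE_USERS).items():
        print(f"{name}: resolves to {winner}; shadowed in {', '.join(shadowed)}")
```

Accounts reported as shadowed are the ones to review before relying on short names in sudo rules, access filters or SSH logins, since a short name there refers to the winning domain's account.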