By default, the adnisd process retrieves all NIS maps stored in Active Directory at each update interval, updates its local cache as needed, and makes all such data available to its NIS clients. In some cases, you may want to prevent NIS clients from accessing data in specific maps or from looking up information using a specific key.
With the nisd.exclude.maps parameter, you list the NIS maps to exclude from responses to NIS client requests (typically user and group information). When you specify a map, its derived maps are excluded as well. For example:
nisd.exclude.maps: group passwd
For more information, see the Configuration and Tuning Reference Guide.