This configuration parameter specifies the message displayed if a user name conflict is detected during login; that is, if there is a local user with the same name but a different UID than the Active Directory user logging on; for example,

user1 10001  #local user
user1 10002  #AD user

When the message is displayed, the %s token in the message string is replaced with the name of the conflicting local account. The message string you define must contain exactly one %s token, and no other string replacement (%) characters.

For example: \
Accounts with conflicting name (%s) exist locally

For more information about displaying a warning when local conflicts are detected, see pam.uid.conflict.