diff --git a/roles/ipa/client/handlers/main.yml b/roles/ipa/client/handlers/main.yml
index 1cf0af125d..d821acf113 100644
--- a/roles/ipa/client/handlers/main.yml
+++ b/roles/ipa/client/handlers/main.yml
@@ -1,5 +1,6 @@
 ---
 - name: clean sss caches
   command: sss_cache -E
-- name: deep clean sss caches
-  shell: systemctl restart sssd && sss_cache -E
+
+- name: restart sssd
+  shell: systemctl restart sssd
diff --git a/roles/ipa/client/tasks/common.yml b/roles/ipa/client/tasks/common.yml
index ea2d4d1cf4..99f1fc3139 100644
--- a/roles/ipa/client/tasks/common.yml
+++ b/roles/ipa/client/tasks/common.yml
@@ -40,9 +40,3 @@
   loop: "{{ ipa_server_host_groups_hosts }}"
   when: ipa_server_host_groups_hosts is defined
 
-- name: Ensure that nss knows to skip certain users
-  copy: src=fedora-nss-ignore.conf dest=/etc/sssd/conf.d/ mode=600 owner=root group=root
-  tags:
-  - ipa/client
-  - config
-  notify: deep clean sss caches
diff --git a/roles/ipa/client/tasks/main.yml b/roles/ipa/client/tasks/main.yml
index bf89bd2364..1aa1e7691a 100644
--- a/roles/ipa/client/tasks/main.yml
+++ b/roles/ipa/client/tasks/main.yml
@@ -70,3 +70,12 @@
     - ipa/client
     - config
   run_once: yes
+
+- name: Ensure that nss knows to skip certain users
+  copy: src=fedora-nss-ignore.conf dest=/etc/sssd/conf.d/ mode=600 owner=root group=root
+  tags:
+  - ipa/client
+  - config
+  notify:
+    - restart sssd
+    - clean sss caches