From 27f6747b4a5dd1a606f2c6fce3ce265c9e0900b6 Mon Sep 17 00:00:00 2001
From: canix1 <robin.g@home.se>
Date: Thu, 14 Dec 2017 12:04:15 +0100
Subject: [PATCH] Error handling of SID translation and manual translation for
 Domain Controllers

---
 .../SecurityPolicyResourceHelper.psm1         | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/DSCResources/SecurityPolicyResourceHelper/SecurityPolicyResourceHelper.psm1 b/DSCResources/SecurityPolicyResourceHelper/SecurityPolicyResourceHelper.psm1
index e2eadc7..04a33b0 100644
--- a/DSCResources/SecurityPolicyResourceHelper/SecurityPolicyResourceHelper.psm1
+++ b/DSCResources/SecurityPolicyResourceHelper/SecurityPolicyResourceHelper.psm1
@@ -330,8 +330,24 @@ function ConvertTo-NTAccount
     {
         $id = ( $id -replace "\*" ).Trim()
 
-        $sidId = [System.Security.Principal.SecurityIdentifier]$id
-        $result += $sidId.Translate([System.Security.Principal.NTAccount]).value
+        try
+        {
+            $sidId = [System.Security.Principal.SecurityIdentifier]$id
+            $result += $sidId.Translate([System.Security.Principal.NTAccount]).value
+        }
+        catch
+        {
+            #Domain Controllers can't translate SID S-1-5-90-0
+            if($id -match "S-1-5-90-0")
+            {
+                $result += "Window Manager\Window Manager Group"
+            }
+            else
+            {
+                write-verbose "SID $id is orphaned, consider removing"
+
+            }
+        }
     }
 
     return $result