MSFT:53847109 [.NET Core] DTS / UserPrincipal.GetAuthorizationGroups returns PrincipalOperationException: Information about the domain could not be retrieved (1212).

[kumarravik78c]

UserPrincipal.GetAuthorizationGroups function returns exception when kerberos FAST is enabled which another security functionality. When FAST is enabled, the dot-net code does an additional domain look up with domainname "NT Authority" which is invalid since the domainname should not have a space in it. We are adding a check if the SID is sentinel type which meand that the sid is of the following Type then we do not do another domain look up.

Sentinel SID: S-1-5-21-X-Y-Z-R means that the SID belongs to a domain (including the local account domain) unless X=Y=Z=0 in which case it’s a sentinel SID, a special type of pseudo-object that can’t be interpreted in isolation.

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/area-system-directoryservices, @jay98014
See info in area-owners.md if you want to be subscribed.

[kumarravik78c]

@dotnet-policy-service agree company="Microsoft"