Last Updated on 2016-01-09.
Scenario
Domain Controllers: Windows 2012 R2, Windows 2008 R2
After upgrading the 2012 R2 system from 2008 R2 to 2012 R2, the following C# .Net code might raise an IdentityNotMappedException or TypeInitializationException:
private static ArrayList ADGroups = new ArrayList();
System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent();
foreach (System.Security.Principal.IdentityReference group in identity.Groups)
{
ADGroups.Add(group.Translate(typeof(System.Security.Principal.NTAccount)).ToString());
}
It seems like Windows 2012 (R2) Server returns an SID which is sometimes convertible to typeof(NTAccount), sometimes not. It might also depend on whether the .Net application accesses the 2008 or 2012 DC. This error seems not to appear under Windows 8.1, but on some Windows 7 workstations.
Workaround
Simply catch the IdentityNotMappedException.
Of course, this is not the best solution, but it is quite painful to find the AD group which causes the exception. But you could e.g. install Visual Studio on a system where the exception raises and on one where it does not, then compare the results.