Hi,

First of all thanks for all the work, it really saved me some time. Especially the SID retrieval part directly from the kerberos ticket.

Looking into that, I seem to have an issue on my end. Not sure where it comes from and if it could be an issue from the ticket decoding. When looking at the SID retrieved from a user of my app, I get some stuff in the resourceGroupSids part of the PacLogonInfo. These info are the local/applicative rights related to the user so that's good, but it seems the SIDs retrieved are not entirely correct.

Here's an example of what I've got (no real data):

• SID registered in the AD (retrieved otherwise, so the true one) : S-1-X-12-12345-12345-12345-9999
• SID retrieved in resourceGroupSids : S-1-X-12-12345-12345-12345-12-12345-12345-12345-9999

Basically it seems some data is duplicated while constructing the SID. In summary I have :
-> correct SID: S-1-X-SOMESTUFF-9999
-> SID in resourceGroupSids: S-1-X-SOMESTUFF-SOMESTUFF-9999

I'm not too familiar with all these mechanisms, so I don't know if something is indeed wrong here of if I'm mistaken somehow?
I checked for SIDs retrieved in PacLogonInfo groupSids and these ones are correct.

Cheers,
Sylvain