diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index a904da4..4ac3702 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -505,6 +505,10 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info)
 sid_string_dbg(&t->sids[i])));
 continue;
 }
+ if (ids[i].id.gid == (uint32_t)(-1)) {
+ DEBUG(3, ("Artifical GID -1, skipping.\n"));
+ continue;
+ }
 if (!add_gid_to_array_unique(server_info, ids[i].id.gid, &server_info->utok.groups, &server_info->utok.ngroups)) {
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index cf15f03..da4ad23 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -517,6 +517,7 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map
 "objectSid",
 NULL, /* attr_uidnumber */
 NULL, /* attr_gidnumber */
+ "sIDHistory",
 NULL };
 LDAPMessage *res = NULL;
 LDAPMessage *entry = NULL;
@@ -577,7 +578,7 @@ again:
 ids[idx]->status = ID_UNKNOWN;
 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), ids[idx]->sid);
- filter = talloc_asprintf_append_buffer(filter, "(objectSid=%s)", sidstr);
+ filter = talloc_asprintf_append_buffer(filter, "(objectSid=%s)(sIDHistory=%s)", sidstr, sidstr);
 TALLOC_FREE(sidstr);
 CHECK_ALLOC_DONE(filter);
@@ -624,8 +625,17 @@ again:
 map = find_map_by_sid(&ids[bidx], &sid);
 if (!map) {
- DEBUG(2, ("WARNING: couldn't match result with requested SID\n"));
- continue;
+ if (!ads_pull_sid(ctx->ads, entry,
+ "sIDHistory", &sid)) {
+ DEBUG(2, ("WARNING: couldn't match result with requested SID\n"));
+ DEBUG(10, ("No history SID in entry\n"));
+ continue;
+ }
+ map = find_map_by_sid(&ids[bidx], &sid);
+ if(!map) {
+ DEBUG(2, ("WARNING: couldn't match result with requested SID\n"));
+ continue;
+ }
 }
 /* get type */
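Review bot: The new skip in create_local_token compares against a bare `(uint32_t)(-1)` and logs without naming the SID that was dropped, so a group that silently goes missing from a user's token cannot be traced from the log. A short comment should state which component produces this artificial value, since the hunk does not show it. The message could name the SID the way the branch above it does: `DEBUG(3, ("Artificial GID -1 for SID %s, skipping.\n", sid_string_dbg(&t->sids[i])));`, which also corrects the "Artifical" spelling. Keeping the value out of the group list matters because -1 is the "leave unchanged" sentinel for calls such as chown() and setregid(). The loop this check sits in starts and ends outside the hunk.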
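Review bot: Adding `(sIDHistory=%s)` next to `(objectSid=%s)` in the hunk at -577 means any directory object that lists the requested SID in its sIDHistory now supplies the Unix id for that SID, so one request can return two entries: the object that owns the SID and one that only carries it as history. The result loop is outside this hunk, so it cannot be confirmed here whether a later entry overwrites an id that was already mapped; the loop should prefer the objectSid match or skip a map whose status is already `ID_MAPPED`. Because sIDHistory is a directory-writable attribute that carries privileges across migrations, this wider match would be safer behind an explicit idmap option, with a comment at the filter such as `/* also match migrated accounts via sIDHistory */`. The same ambiguity applies to the single-SID filter in the nss_ad_get_info hunk at -857, where more than one entry can now match and the choice between them is not visible.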
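Review bot: The fallback inside `if (!map)` in the hunk at -624 reads sIDHistory with `ads_pull_sid`, which appears to return a single value, while sIDHistory is multi-valued. An account that was migrated more than once can match the new search filter through a later value and still end at "couldn't match result", leaving that SID unmapped. Trying every history value closes the gap; the sketch below assumes `ads_pull_sids` is available in this tree and leaves out the declarations of `hist_sids`, `num_hist` and `h`. The result loop this branch belongs to begins and ends outside the hunk.

```c
if (!map) {
	/* sIDHistory is multi-valued: try every value, not only the first */
	num_hist = ads_pull_sids(ctx->ads, talloc_tos(), entry,
				 "sIDHistory", &hist_sids);
	for (h = 0; h < num_hist && map == NULL; h++) {
		map = find_map_by_sid(&ids[bidx], &hist_sids[h]);
	}
	TALLOC_FREE(hist_sids);
	if (!map) {
		DEBUG(2, ("WARNING: couldn't match result with requested SID\n"));
		continue;
	}
}
/* … unchanged: get type and the rest of the entry handling … */
```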
@@ -857,7 +867,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
 attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
 sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
- filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr);
+ filter = talloc_asprintf(mem_ctx, "(|(objectSid=%s)(sIDHistory=%s))", sidstr,sidstr);
 TALLOC_FREE(sidstr);
 if (!filter) {
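Review bot: `sidstr` is now formatted into the filter twice with no check that `ldap_encode_ndr_dom_sid` succeeded, and the `if (!filter)` test that follows only catches a failed `talloc_asprintf`. Presumably the encoder can return NULL on allocation failure, so `sidstr` should be tested before the `talloc_asprintf` call and take the same error path as the `!filter` branch, whose body is outside the hunk. That keeps a failed encode from producing a malformed search filter. The append call in the idmap_ad_sids_to_unixids hunk at -577 formats `sidstr` in the same unchecked way. As a style point, `sidstr,sidstr` lacks the space after the comma that the rest of the call uses.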