diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index f270ccd..444fe66 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -618,6 +618,12 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 sid_string_dbg(&t->sids[i])));
 continue;
 }
+
+ if (ids[i].id == (uint32_t)(-1)) {
+ DEBUG(3, ("Artifical GID -1, skipping.\n"));
+ continue;
+ }
+
 if (!add_gid_to_array_unique(session_info, ids[i].id, &session_info->unix_token->groups, &session_info->unix_token->ngroups)) {
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index bfe7d4b..e01497d 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -512,6 +512,7 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map
 "objectSid",
 NULL, /* attr_uidnumber */
 NULL, /* attr_gidnumber */
+ "sIDHistory",
 NULL };
 LDAPMessage *res = NULL;
 LDAPMessage *entry = NULL;
@@ -572,7 +573,7 @@ again:
 ids[idx]->status = ID_UNKNOWN;
 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), ids[idx]->sid);
- filter = talloc_asprintf_append_buffer(filter, "(objectSid=%s)", sidstr);
+ filter = talloc_asprintf_append_buffer(filter, "(objectSid=%s)(sIDHistory=%s)", sidstr, sidstr);
 TALLOC_FREE(sidstr);
 CHECK_ALLOC_DONE(filter);
@@ -619,8 +620,17 @@ again:
 map = find_map_by_sid(&ids[bidx], &sid);
 if (!map) {
- DEBUG(2, ("WARNING: couldn't match result with requested SID\n"));
- continue;
+ if (!ads_pull_sid(ctx->ads, entry,
+ "sIDHistory", &sid)) {
+ DEBUG(2, ("WARNING: couldn't match result with requested SID\n"));
+ DEBUG(10, ("No history SID in entry\n"));
+ continue;
+ }
+ map = find_map_by_sid(&ids[bidx], &sid);
+ if(!map) {
+ DEBUG(2, ("WARNING: couldn't match result with requested SID\n"));
+ continue;
+ }
 }
 /* get type */
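Review bot: The new guard in create_local_token drops a group membership without saying which one: the branch just above it prints `sid_string_dbg(&t->sids[i])` before its `continue`, but the added DEBUG(3) names no SID, and its text misspells "Artificial". Use `DEBUG(3, ("Artificial GID -1 for SID %s, skipping.\n", sid_string_dbg(&t->sids[i])));` so an operator can trace a missing Unix group back to the SID that produced it. A named constant for the -1 sentinel would also document where the value comes from; from this hunk alone it is not visible whether an earlier status check on ids[i] ought to have rejected the entry instead, so that is worth confirming. create_local_token starts and ends outside the hunk.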
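Review bot: The term appended to the batch filter, `(objectSid=%s)(sIDHistory=%s)`, carries no `|` of its own, so it is only a valid and correctly scoped filter if the prefix built before the `again:` loop opens an OR list around every per-SID term; that prefix is outside the hunk, so please confirm it, noting that the single-SID path in nss_ad_get_info wraps the same pair in `(|...)` explicitly. With the history term present, one entry can satisfy two requested SIDs, and a requested SID can match both the object that owns it and an object that merely lists it in sIDHistory, so the result loop should decide which one wins rather than letting DC return order pick. Because sIDHistory is writable by administrators of the searched domain, that ambiguity decides which uidNumber/gidNumber a principal ends up with. The loop body continues outside the hunk.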
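Review bot: The fallback reads `sIDHistory` with `ads_pull_sid`, but sIDHistory is a multi-valued attribute; if ads_pull_sid returns only the first value, as its name suggests (confirm against libads), an entry whose requested SID is the second or later history entry is logged as unmatched and the map stays ID_UNKNOWN. If a multi-value pull is available, iterate over the returned values and call find_map_by_sid on each until one matches. Note also that the fallback overwrites `sid`, so any code after `/* get type */` that still uses `sid` now sees the history SID rather than the entry's objectSid, and `if(!map)` should read `if (!map)` to match the line above it. The body after `/* get type */` is outside the hunk.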
@@ -852,7 +862,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e,
 attrs[3] = ctx->ad_schema->posix_gidnumber_attr;
 sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
- filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr);
+ filter = talloc_asprintf(mem_ctx, "(|(objectSid=%s)(sIDHistory=%s))", sidstr,sidstr);
 TALLOC_FREE(sidstr);
 if (!filter) {
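Review bot: With the filter widened to `(|(objectSid=%s)(sIDHistory=%s))`, nss_ad_get_info's search can return more than one entry — the object that owns the SID and any object carrying it in sIDHistory — and if the code after the hunk still takes the first entry, whichever one the DC returns first decides the POSIX attributes handed back. Check the reply count on the search result before pulling attributes, e.g. `if (ldap_count_entries(ld, res) != 1) { /* ambiguous objectSid/sIDHistory match */ goto done; }` (using this function's ADS handle and cleanup label), since sIDHistory is writable by domain administrators and an ambiguous match here becomes someone else's uidNumber/gidNumber. Also `sidstr,sidstr` wants a space after the comma. The search call and the entry handling are outside the hunk.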