Here’s something interesting. Running this in the Active Directory forest resolves to a real user in the domain:
```csharp
// Verbatim string (@"..."): in a normal C# literal "\t" would be a tab, turning "domain\testuser" into "domain<TAB>estuser".
NTAccount adUser = new System.Security.Principal.NTAccount(@"domain\testuser");
```
If you pass this NTAccount to the remote filesystem to set it as the owner of a directory, everything is fine as long as the remote system can resolve that user. However, if the remote system cannot resolve the user, it uses the SID instead, which isn't good. After the next replication, though, the SID is replaced by the resolved user. That is good!
UPDATE – 7/11/09
Must have been due to replication leaving the test user hanging around. Starting with a completely new user, if the server where the directory is created can't find the user, it raises a System.Security.Principal.IdentityNotMappedException.
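An added example (not code from the original post) of the pattern this implies: translate the NTAccount to a SecurityIdentifier on the machine that will write the ACL before touching the directory, so an unresolvable account fails up front as IdentityNotMappedException with a useful message instead of partway through the ACL change. The path and account name are placeholders.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class DirectoryOwnerSetter
{
    // Resolve the account name to a SID first. If the server doing the
    // resolution cannot see the account yet (e.g. replication has not
    // reached it), Translate throws IdentityNotMappedException here.
    public static SecurityIdentifier ResolveOrThrow(string accountName)
    {
        var account = new NTAccount(accountName);
        try
        {
            return (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
        }
        catch (IdentityNotMappedException ex)
        {
            throw new InvalidOperationException(
                "'" + accountName + "' cannot be resolved from this machine; " +
                "check the domain prefix or wait for replication.", ex);
        }
    }

    // Apply the resolved SID as the directory owner. SetOwner accepts any
    // IdentityReference, and the SID is what ends up in the security descriptor.
    public static void SetDirectoryOwner(string path, string accountName)
    {
        SecurityIdentifier sid = ResolveOrThrow(accountName);
        DirectorySecurity acl = Directory.GetAccessControl(path);
        acl.SetOwner(sid);
        Directory.SetAccessControl(path, acl);
    }

    static void Main()
    {
        // Placeholder values; verbatim string so the backslash is literal.
        SetDirectoryOwner(@"\\fileserver\share\newdir", @"domain\testuser");
    }
}
```

Assigning ownership to an account other than the caller requires the restore privilege on the target server, so expect an UnauthorizedAccessException rather than a resolution error when that privilege is missing.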