After migrating AD from 2003 to 2012, I ran into this issue on a RADIUS server running 2008 R2, used for authentication. When attempting to retrieve AD information for a particular user, the following error appeared:
The solution (at least for Windows 7 and 2008 R2), is to install hotfix 2830145.
The hotfix is only available by request through e-mail.
When attempting to log on to a 2012-based domain controller, the following SIDs are unmappable:
2012 introduces two new security principal SIDs that are used for differentation between proof of possession and Service-for-User-to-Self (S4U2Self) protocol transititions. Applications on Windows version before 2012 that use these SIDs, may fail.
You can easily check whether this is the problem by using SysInternals PsGetSid utility.
The command should fail with the following error: