I have a .NET 3.5 method, which, given the user and the list of Active Directory groups, returns a subset of the groups the user belongs to. The code works on dozens of installations, but does not work on one specific client site. The code is as follows:
    List<GroupAttrs> ret = new List<GroupAttrs>();
    foreach (SymDomainInfo domain in domains)
    {
        // One authenticated context per trusted domain, using the AD search account.
        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain.Name, adUser, adPwd))
        {
            foreach (GroupAttrs aGroup in grpAttrs)
            {
                if (aGroup.Available)
                    continue;

                GroupPrincipal pGroup;
                try
                {
                    // Look the group up by SID; with IdentityType.Sid the value must be in SDDL form ("S-1-5-21-...").
                    pGroup = GroupPrincipal.FindByIdentity(ctx, IdentityType.Sid, aGroup.Authid);
                }
                catch (Exception e3)
                {
                    Console.WriteLine("{3} finding group {0}/{4} in domain {1}: {2}",
                        aGroup.Name, domain.Name, e3.Message, e3.GetType().Name, aGroup.Authid);
                    if (e3.InnerException != null)
                        Console.WriteLine("\tInner {0}: {1}", e3.InnerException.GetType().Name, e3.InnerException.Message);
                    continue;
                }

                if (pGroup != null)
                {
                    Console.WriteLine("Found Group " + pGroup.DistinguishedName);
                    FindUserInGroup(grpMap, identity.User, ret, pGroup);
                }
            }
        }
    }
GroupAttrs is our own database class that contains the name and SID (in the field AuthID) of the Active Directory group. The collection SymDomainInfos contains the names and paths of all trusted domains in AD. And adUser and adPassword are the credentials of a domain user with the authority to search AD.
Each iteration of the loop gives the same error:
    System.ArgumentException: . : sddlForm
       System.Security.Principal.SecurityIdentifier..ctor(String sddlForm)
       System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper( mainType, String urnScheme, String urnValue, DateTime referenceDate, Boolean useSidHistory)
       System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef( mainType, String urnScheme, String urnValue, DateTime referenceDate)
       System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, mainType, Nullable`1 identityType, String identityValue, DateTime refDate)
       System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext , mainType, IdentityType identityType, String identityValue)
       System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(PrincipalContext , IdentityType identityType, String identityValue)
       ADGroupsTest.Program.Main(String [] args)
, . , Active Directory. , . , AD , GroupPrincipal.FindByIdentity .
, : - , AD (mis) ? - , AD FindByIdentity ?
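The stack trace in the question places the ArgumentException inside SecurityIdentifier..ctor(String sddlForm), which FindByIdentity calls to parse the identityValue before any directory search is made; so the thing that differs on that one site is the value arriving in aGroup.Authid, not the domain. The following is an added example, not code from the question or from its project: a helper that accepts the representations a SID commonly ends up in when stored in a database (SDDL text, text with stray padding, hex or Base64 of the binary SID, or raw bytes), returns the SDDL string that FindByIdentity expects, and returns null instead of throwing for anything else. The class name SidNormalizer, the method TryNormalize and all sample values are assumptions made for this example; it is written against .NET 3.5 like the question's code.

```csharp
using System;
using System.Security.Principal;
using System.Text.RegularExpressions;

// Added example, not code from the original question. It assumes the value
// read from the Authid column can arrive as a string or as a byte[]; the
// sample values in Main are constructed for illustration.
static class SidNormalizer
{
    // SDDL form that FindByIdentity(ctx, IdentityType.Sid, ...) hands to
    // new SecurityIdentifier(string): S-1-<authority>-<sub>[-<sub>...]
    static readonly Regex SddlPattern = new Regex(@"^S-1-\d+(-\d+)+$", RegexOptions.Compiled);
    static readonly Regex HexPattern = new Regex(@"^(?:[0-9A-Fa-f]{2})+$", RegexOptions.Compiled);

    // Returns the SID in SDDL form, or null when the value is not a SID in any
    // representation handled here. Never throws on bad input.
    public static string TryNormalize(object authId)
    {
        byte[] raw = authId as byte[];
        if (raw != null)
            return FromBinary(raw);

        string s = authId as string;
        if (s == null)
            return null;

        // Trailing whitespace or a leading BOM left by an import breaks the
        // SDDL parser just as surely as a wrong value does.
        s = s.Trim().TrimStart('\uFEFF');
        if (s.Length == 0)
            return null;

        if (SddlPattern.IsMatch(s))
            return FromSddl(s);

        if (HexPattern.IsMatch(s))              // binary SID stored as a hex string
            return FromBinary(HexToBytes(s));

        try                                     // binary SID stored as Base64
        {
            return FromBinary(Convert.FromBase64String(s));
        }
        catch (FormatException)
        {
            return null;                        // e.g. an objectGUID or a group name
        }
    }

    static string FromSddl(string sddl)
    {
        try
        {
            // The same constructor the stack trace in the question fails in.
            return new SecurityIdentifier(sddl).Value;
        }
        catch (ArgumentException)
        {
            return null;
        }
    }

    static string FromBinary(byte[] bin)
    {
        // Binary SID layout: revision (1 byte), sub-authority count (1 byte),
        // identifier authority (6 bytes, big-endian), then count x 4-byte
        // little-endian sub-authorities. Check the length first so a truncated
        // blob is rejected here rather than by the framework.
        if (bin.Length < 8 || bin[0] != 1 || bin.Length != 8 + 4 * bin[1])
            return null;
        try
        {
            return new SecurityIdentifier(bin, 0).Value;
        }
        catch (ArgumentException)
        {
            return null;
        }
    }

    static byte[] HexToBytes(string hex)
    {
        byte[] result = new byte[hex.Length / 2];
        for (int i = 0; i < result.Length; i++)
            result[i] = Convert.ToByte(hex.Substring(2 * i, 2), 16);
        return result;
    }

    static void Main()
    {
        // Constructed sample values standing in for rows of the Authid column.
        object[] samples = {
            "S-1-5-21-1000-2000-3000-1107",                              // as expected
            " S-1-5-21-1000-2000-3000-1107\r\n",                         // padded
            "010500000000000515000000E8030000D0070000B80B000053040000",  // same SID, hex of binary form
            "{0d5f8c1e-7c3a-4f1b-9b2e-1a2b3c4d5e6f}",                    // an objectGUID, not a SID
            new byte[] { 1, 5, 0, 0, 0, 0, 0, 5, 0x15, 0, 0, 0 },        // truncated binary SID
            null
        };
        foreach (object sample in samples)
        {
            string sddl = TryNormalize(sample);
            Console.WriteLine("{0,-60} -> {1}",
                sample is byte[] ? "<byte[]>" : (sample ?? "<null>"),
                sddl ?? "REJECTED (FindByIdentity would throw ArgumentException)");
        }
    }
}
```

Run this over the Authid values from the site where the loop fails: every row for which TryNormalize returns null is one that FindByIdentity(ctx, IdentityType.Sid, ...) will reject before touching the domain, and the raw value of such a row shows what that site's import actually stored. In the loop itself, only call FindByIdentity when the normalized string is non-null and log the raw value otherwise; that turns the repeated ArgumentException into a direct report of which stored identifiers are not SIDs.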