diff -Naur nss-pam-ldapd-0.9.2/nslcd/group.c nss-pam-ldapd-0.9.2-new/nslcd/group.c
--- nss-pam-ldapd-0.9.2/nslcd/group.c 2013-10-29 23:20:01.000000000 +0100
+++ nss-pam-ldapd-0.9.2-new/nslcd/group.c 2014-01-30 14:48:24.286354613 +0100
@@ -72,6 +72,11 @@
 (these are already LDAP-escaped strings) */
 static char *gidSid = NULL;
 
+/* BUILTIN SID definitions */
+const char *builtinSid = "S-1-5-32";
+const gid_t min_builtin_rid = 544;
+const gid_t max_builtin_rid = 552;
+
 /* default values for attributes */
 static const char *default_group_userPassword = "*"; /* unmatchable */
 
@@ -96,8 +101,16 @@
 by gid, return -1 on errors */
 static int mkfilter_group_bygid(gid_t gid, char *buffer, size_t buflen)
 {
+ /* case of search with a Windows domain SID */
 if (gidSid != NULL)
 {
+ /* the given gid is a BUILTIN gid, the SID prefix is not the domain SID */
+ if (gid >= min_builtin_rid && gid <= max_builtin_rid)
+ return mysnprintf(buffer, buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))",
+ group_filter, attmap_group_gidNumber, sid2search(builtinSid),
+ (int)(gid & 0xff), (int)((gid >> 8) & 0xff),
+ (int)((gid >> 16) & 0xff), (int)((gid >> 24) & 0xff));
+
 return mysnprintf(buffer, buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))",
 group_filter, attmap_group_gidNumber, gidSid,
 (int)(gid & 0xff), (int)((gid >> 8) & 0xff),
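Review bot: The three new file-scope objects in the first hunk (`builtinSid`, `min_builtin_rid`, `max_builtin_rid`) are defined without `static`, so they get external linkage, unlike the neighbouring `gidSid` and `default_group_userPassword`. `builtinSid` is also a reassignable pointer. I would declare them `static const char *const builtinSid = "S-1-5-32";` and `static const gid_t min_builtin_rid = 544;` (likewise for the max). The comment should also say which aliases the 544–552 window is meant to cover, because any gid in that range is now searched under the BUILTIN prefix instead of the domain SID. That changes which directory entry, and so which membership, a given gid resolves to. Windows defines BUILTIN aliases with RIDs above 552 as well, and those would still be looked up under the domain prefix.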
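Review bot: In the second hunk, `sid2search(builtinSid)` is evaluated inside the `mysnprintf` argument list on every BUILTIN lookup, and its result is never stored or released. `sid2search` is defined outside this diff, but the domain prefix is kept as a file-scope, already-escaped string (`gidSid`), which suggests the helper returns allocated memory; if so, every lookup of a gid in 544–552 leaks in a long-running daemon. Convert the prefix once at initialisation, e.g. `static char *builtinSidSearch;` set with `builtinSidSearch = sid2search(builtinSid);`. The duplicated format string can then be dropped by choosing the prefix first: `const char *prefix = (gid >= min_builtin_rid && gid <= max_builtin_rid) ? builtinSidSearch : gidSid;`. The body of `mkfilter_group_bygid` continues past the end of the hunk, so the rest of the function could not be checked.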