MDI Test and Set dont work in non-English domains

[fabricio-sasaki]

I inform a bug in Microsoft Defender for Identity: MDI Test and Set PowerShell’s commands don’t work in non-English domains, example Italian, Spanish and Portuguese.

Error when domain is in Portuguese-Brasil because "Cert Publishers" group call in PT-BR as "Editores de Certificados" and "Domain Contollers" as "Controladores de domínio"

Example: Test-MDIConfiguration -Mode Domain -Configuration All

Result:
PS C:\Windows\system32> Test-MDIConfiguration -Mode Domain -Configuration All

Get-GPPermission : The operation cannot be completed because "Cert Publishers"
is not a valid security group in the RITRAMABR1.LOCAL domain. Make sure that
the TargetName and TargetType parameters specify a valid security group for the
domain. Then, run the command again.
Parameter name: targetName
At C:\Program Files\WindowsPowerShell\Modules\DefenderForIdentity\1.0.0.1\Defend
erForIdentity.psm1:1675 char:13

•         Get-GPPermission @mdiGpPermissionParams
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidArgument: (Microsoft.Group...missionsComma
    nd:GetGPPermissionsCommand) [Get-GPPermission], ArgumentException
  • FullyQualifiedErrorId : UnableToRetrieveTargetSID,Microsoft.GroupPolicy.C
    ommands.GetGPPermissionsCommand

Get-GPPermission : The operation cannot be completed because "Domain
Controllers" is not a valid security group in the RITRAMABR1.LOCAL domain. Make
sure that the TargetName and TargetType parameters specify a valid security
group for the domain. Then, run the command again.
Parameter name: targetName
At C:\Program Files\WindowsPowerShell\Modules\DefenderForIdentity\1.0.0.1\Defend
erForIdentity.psm1:1675 char:13

•         Get-GPPermission @mdiGpPermissionParams
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidArgument: (Microsoft.Group...missionsComma
    nd:GetGPPermissionsCommand) [Get-GPPermission], ArgumentException
  • FullyQualifiedErrorId : UnableToRetrieveTargetSID,Microsoft.GroupPolicy.C
    ommands.GetGPPermissionsCommand

Get-GPPermission : The operation cannot be completed because "Cert Publishers"
is not a valid security group in the RITRAMABR1.LOCAL domain. Make sure that
the TargetName and TargetType parameters specify a valid security group for the
domain. Then, run the command again.
Parameter name: targetName
At C:\Program Files\WindowsPowerShell\Modules\DefenderForIdentity\1.0.0.1\Defend
erForIdentity.psm1:1953 char:13

•         Get-GPPermission @mdiGpPermissionParams
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidArgument: (Microsoft.Group...missionsComma
    nd:GetGPPermissionsCommand) [Get-GPPermission], ArgumentException
  • FullyQualifiedErrorId : UnableToRetrieveTargetSID,Microsoft.GroupPolicy.C
    ommands.GetGPPermissionsCommand

Get-GPPermission : The operation cannot be completed because "Domain
Controllers" is not a valid security group in the RITRAMABR1.LOCAL domain. Make
sure that the TargetName and TargetType parameters specify a valid security
group for the domain. Then, run the command again.
Parameter name: targetName
At C:\Program Files\WindowsPowerShell\Modules\DefenderForIdentity\1.0.0.1\Defend
erForIdentity.psm1:1953 char:13

•         Get-GPPermission @mdiGpPermissionParams
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidArgument: (Microsoft.Group...missionsComma
    nd:GetGPPermissionsCommand) [Get-GPPermission], ArgumentException
  • FullyQualifiedErrorId : UnableToRetrieveTargetSID,Microsoft.GroupPolicy.C
    ommands.GetGPPermissionsCommand

False

PS C:\Windows\system32>