Get-AnsibleLocalGroup can take SIDs (Fix ansible-collections#153)

First implementation: intent was to be fully backwards compatible with the previous behavior - but some may consider it a bit ugly

plugins/modules/win_user.ps1

@@ -58,17 +58,60 @@ $ADS_UF_PASSWD_CANT_CHANGE = 64
 $ADS_UF_DONT_EXPIRE_PASSWD = 65536
 $ADSI = [ADSI]"WinNT://$env:COMPUTERNAME"
 
+Function Test-IsValidSecurityIdentifier {
+	[CmdletBinding()]
+    [OutputType('System.Boolean')]
+    param (
+        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
+        [String]
+        $InputObject
+    )
+
+	process {
+		try {
+			$sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $InputObject
+			return $true
+		} catch {
+			return $false
+		}
+	}
+}
+
+Function Convert-SecurityIdentifiertoBinary {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory=$true)]
+        [String]
+        $InputObject
+    )
+
+	if (Test-IsValidSecurityIdentifier -InputObject $InputObject) {
+		$sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $InputObject
+		$GroupSIDBinary = New-Object byte[] -ArgumentList $sid.BinaryLength
+		$sid.GetBinaryForm($GroupSIDBinary, 0)
+
+		return $GroupSIDBinary
+	}
+}
+
 Function Get-AnsibleLocalGroup {
     [CmdletBinding()]
     param (
         [Parameter(Mandatory=$true)]
         [String]
         $Name
     )
+
+	$binarySid = Convert-SecurityIdentifiertoBinary -InputObject $Name
 
     $ADSI.Children | Where-Object {
-        $_.SchemaClassName -eq 'Group' -and $_.Name -eq $Name
-    }
+		$_.SchemaClassName -eq 'Group'
+	} | Where-Object {
+		$_.Name -eq $Name -or (
+			# SID matching logic
+			$binarySid -and ($_.objectSid | Foreach-Object { [System.Linq.Enumerable]::SequenceEqual([byte[]]$binarysid, [byte[]]$_) }) -contains $true
+		)
+	}
 }
 
 Function Get-AnsibleLocalUser {