Active Roles Workflow Update activities use an internal
Base64 conversion when copying a SID value to a String. With Base64, capital and lowercase characters are differentiated as separate characters, so some converted string values may appear the same to processes that are not checking for case sensitivity, when they are actually different values based on capitalization.
For example, consider the following ObjectSid values:
S-1-5-21-2067390270-1590037439-429891395-40440
S-1-5-21-2067390270-1590037439-429891395-1744376
The ObjectSid values are different, however when converted to Base64 they are almost identical:
AQUAAAAAAAUVAAAAPt85e78Lxl5Dn58Z+J0AAA==
AQUAAAAAAAUVAAAAPt85e78Lxl5Dn58Z+J0aAA==
When using converted Base64 SID values, always ensure any automation is checking for case sensitivity. If this is not possible, it is suggested to use PowerShell to convert the SID values to a format other than Base64, or use a different attribute.