I have logged in as an active directory domain user. When i lock the mac and unlock with Touch ID the following event is logged. <subject audit-uid="-1" uid="root" gid="wheel" ruid="root" rgid="wheel" pid="318" sid="100000" tid="0 0.0.0.0" /> <text>Touch ID authentication</text> <return errval="success" retval="0" /> <identity signer-type="1" signing-id="com.apple.biometrickitd" signing-id-truncated="no" team-id="" team-id-truncated="no" cdhash="0x8b061a4cd6a37b9228d5b894cc269aaa32ef8051" /> </record> This logs the subject as root rather than as the domain user through which i have logged in through. This is not the case when i use password log in.