microsoft / azure-devops-dotnet-samples

.NET/C# samples for integrating with Azure DevOps Services and Azure DevOps Server
https://docs.microsoft.com/azure/devops/integrate
MIT License

IdentityHttpClient cannot resolve identity defined at server level if not referenced at collection level #161

Open BiribiriJaNai opened 6 years ago

BiribiriJaNai commented 6 years ago

Hi,

Still pursuing my goal to automate permissions on VSTS, I'm trying to resolve identities to set permissions, or at least ignore permissions already set on some identities (declared at server level for instance).

Considering this code:

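```csharp
using System;
using Microsoft.VisualStudio.Services.Common;           // VssBasicCredential
using Microsoft.VisualStudio.Services.Identity.Client;  // IdentityHttpClient
using Microsoft.VisualStudio.Services.WebApi;           // VssConnection

var uri = new Uri("https://<account>.visualstudio.com");
// Placeholder value; keep the real PAT out of source code.
var pat = "YourPatHere";
var credential = new VssBasicCredential("", pat);
var connection = new VssConnection(uri, credential);

var identityClient = connection.GetClient<IdentityHttpClient>();
// scope at collection / default level
var collectionIdentities = identityClient.ReadIdentitiesAsync(new Guid("ae09d49d-b35f-445c-9b0d-8f1ec26d1efe")).Result;
// scope at server level
var serverIdentities = identityClient.ReadIdentitiesAsync(new Guid("7666fa45-57f1-47bc-8178-ccbdf1afef41")).Result;
```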

On my test account, collectionIdentities contains 114 entries, serverIdentities, 118. So far so good.

Now if I want to resolve the following identity, declared at server level, and NOT referenced anywhere at the collection level:

Display name: [TEAM FOUNDATION]\Organization Users
Id: 43d6c45c-2bfd-45bf-a3fd-847e04e83987
Subject descriptor: vssgp.Uy0xLTktMTU1MTM3NDI0NS0xMTc0MDM4MTM0LTQwNDkwNTg4ODctMjE3MjE3NzU5Ny00MDU0ODM5MTA1LTAtMC0wLTAtMTE
Identity descriptor: Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1174038134-4049058887-2172177597-4054839105-0-0-0-0-11

Any call to ReadIdentitiesAsync or ReadIdentityAsync, passing the Guid or IdentityDescriptor, returns null. How can I resolve such identities other than querying at server level?
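
The two descriptors quoted in the comment above carry the same SID: the part after `vssgp.` is that SID in unpadded base64. The following is an added example, not the poster's or the project's code, that converts one form to the other locally so a group can be matched by descriptor without an identity lookup. The helper names are hypothetical, and the encoding rule is an assumption inferred from the pair of values in the issue.

```csharp
using System;
using System.Text;

static class DescriptorDemo
{
    // Hypothetical helper: recover the SID from a "vssgp.<base64>" subject descriptor.
    public static string SubjectDescriptorToSid(string subjectDescriptor)
    {
        int dot = subjectDescriptor.IndexOf('.');
        if (dot <= 0 || dot == subjectDescriptor.Length - 1)
            throw new FormatException("Expected '<type>.<identifier>'.");

        string type = subjectDescriptor.Substring(0, dot);
        if (type != "vssgp")
            throw new NotSupportedException("Only the vssgp form shown in the issue is handled.");

        // Accept either base64 alphabet and restore the stripped '=' padding.
        string b64 = subjectDescriptor.Substring(dot + 1).Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');

        string sid = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        if (!sid.StartsWith("S-1-", StringComparison.Ordinal))
            throw new FormatException("Decoded identifier is not a SID.");
        return sid;
    }

    // Hypothetical helper: build the "<identityType>;<identifier>" text form.
    public static string ToIdentityDescriptor(string sid) =>
        "Microsoft.TeamFoundation.Identity;" + sid;

    static void Main()
    {
        // Both values are copied from the issue text above.
        const string subject =
            "vssgp.Uy0xLTktMTU1MTM3NDI0NS0xMTc0MDM4MTM0LTQwNDkwNTg4ODctMjE3MjE3NzU5Ny00MDU0ODM5MTA1LTAtMC0wLTAtMTE";
        const string identity =
            "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1174038134-4049058887-2172177597-4054839105-0-0-0-0-11";

        string rebuilt = ToIdentityDescriptor(SubjectDescriptorToSid(subject));
        Console.WriteLine(rebuilt);
        Console.WriteLine("Matches the identity descriptor from the issue: " +
            string.Equals(rebuilt, identity, StringComparison.OrdinalIgnoreCase));
    }
}
```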