Win setup fix 2.8 (#59211)

* Wrap Get-MachineSid's body in a try/catch

It's not critical information and there's been a number of issues over
the years with trying to retrieve it. If an exception is thrown just
return null.

Fixes: #47813
(cherry picked from commit b8a41a90b8)

* add changelog


(cherry picked from commit 277690bcc6)

changelogs/fragments/58483-win_setup_resilience.yml

@@ -0,0 +1,2 @@
+bugfixes:
+- setup (Windows) - prevent setup module failure if Get-MachineSid fails (https://github.com/ansible/ansible/issues/47813)

lib/ansible/modules/windows/setup.ps1

@@ -29,6 +29,9 @@ Function Get-MachineSid {
     # only accessible by the Local System account. This method get's the local
     # admin account (ends with -500) and lops it off to get the machine sid.
 
+    $machine_sid = $null
+
+    try {
         $admins_sid = "S-1-5-32-544"
         $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
 
@@ -38,7 +41,6 @@ Function Get-MachineSid {
         $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
         $groups = $searcher.FindOne()
 
-    $machine_sid = $null
         foreach ($user in $groups.Members) {
             $user_sid = $user.Sid
             if ($user_sid.Value.EndsWith("-500")) {
@@ -46,6 +48,10 @@ Function Get-MachineSid {
                 break
             }
         }
+    } catch {
+        #can fail for any number of reasons, if it does just return the original null
+        Add-Warning -obj $result -message "Error during machine sid retrieval: $($_.Exception.Message)"
+    }
 
     return $machine_sid
 }