Convert-Principal does not fail on unresolved identity

[FriedrichWeinmann]

When invoking an access rule where it tries to create a new access rule, it resolves that accessrule identity using Convert-Principal.
When translating a name fails, it falls back to using Get-ADObject with an ldap filter.
If that fails to find an object, it will return empty and not lead to an error.

Following that, the access rule creation fails with a constructor error, as it gets a null-identity!