Add Domain User Account to Local Group Windows Puppet

I am trying to set a windows domain user account to the local administrators group that according the puppet documentation is possible.

user { 'DOMAIN\user':
    groups => ['Administrators'],
}

I tried using the SID with no results. I am using the latest Puppet 2.7.19

err: /Stage[main]/Teamcity_base/User[S-1-5-21-1759977473-2015113658-625696398-26
038]/ensure: change from absent to present failed: User update failed: SetInfo
    OLE error code:8007089A in Active Directory
      The specified username is invalid.

    HRESULT error code:0x80020009
      Exception occurred.

My current workaround is a custom module to run a batch file with "net localgroup" commands:

net localgroup administrators domain\user /add

My init.pp detects changes to the batch file, using subscribe:

class admin {
  $exe_name = "add_admin_users.bat"
  $location = "puppet:///modules/${module_name}/${exe_name}"
  $on_disk = 'C:\add_admin_users.bat'

  file { $on_disk:
    ensure => file,
    source => $location,
    mode   => '750',
  }

  exec { $on_disk:
    subscribe => File[$on_disk],
    refreshonly => true
  }

}

Not ideal, since it doesn't check for existence of a user before trying to add, but close.