I have logged in as an Active Directory domain user. When I lock the Mac and unlock with Touch ID, the following event is logged.
<subject audit-uid="-1" uid="root" gid="wheel" ruid="root" rgid="wheel" pid="318" sid="100000" tid="0 0.0.0.0" />
<text>Touch ID authentication</text>
<return errval="success" retval="0" />
<identity signer-type="1" signing-id="com.apple.biometrickitd" signing-id-truncated="no" team-id="" team-id-truncated="no" cdhash="0x8b061a4cd6a37b9228d5b894cc269aaa32ef8051" />
</record>
This logs the subject as root rather than as the domain user through which I have logged in. This is not the case when I use password login.