diff --git a/src/Producers/ComputerFileProducer.cs b/src/Producers/ComputerFileProducer.cs
index 369525e..8cccf66 100644
--- a/src/Producers/ComputerFileProducer.cs
+++ b/src/Producers/ComputerFileProducer.cs
@@ -46,7 +46,7 @@ public override async Task Produce()
                     string sid;
                     if (!computer.StartsWith("S-1-5-21"))
                         //The computer isn't a SID so try to convert it to one
-                        sid = await Context.LDAPUtils.ResolveHostToSid(computer, Context.DomainName);
+                        sid = await Context.LDAPUtils.ResolveHostToSidWithHostnameFallback(computer, Context.DomainName);
                     else
                         //The computer is already a sid, so just store it off
                         sid = computer;
diff --git a/src/Runtime/ObjectProcessors.cs b/src/Runtime/ObjectProcessors.cs
index 7ec9e48..e686033 100644
--- a/src/Runtime/ObjectProcessors.cs
+++ b/src/Runtime/ObjectProcessors.cs
@@ -638,6 +638,13 @@ private async Task<EnterpriseCA> ProcessEnterpriseCA(ISearchResultEntry entry, R
                 {
                     ret.HostingComputer = await _context.LDAPUtils.ResolveHostToSid(dnsHostName, resolvedSearchResult.Domain);
 
+                    // If we don't resolve a SID to this CA, throw it out
+                    if (ret.HostingComputer == null)
+                    {
+                        _log.LogWarning("Unable to resolve Enterprise CA host to SID.", dnsHostName, resolvedSearchResult.Domain);
+                        return null;
+                    }
+
                     CARegistryData cARegistryData = new()
                     {
                         IsUserSpecifiesSanEnabled = _certAbuseProcessor.IsUserSpecifiesSanEnabled(dnsHostName, caName),