Is a SID with zero subauthorities a valid SID? It depends whom you ask

Here’s an interesting table.

Function	Is Sub­Authority­Count=0 valid?
IsValidSid	Yes
Convert­Sid­To­String­Sid	Yes
ConvertString­­Sid­To­Sid	No

That last entry creates the unfortunate situation where a SID with no subauthorities can be converted to a string, but cannot be converted back.

If it’s any consolation, SIDs with no subauthorities aren’t encountered in normal usage, so if you ever accidentally reject one of these, it’s not going to inconvenience anyone.

Oh, and the answer to the question at the top: Yes, a SID with zero subauthorities is technically valid. It’s a degenerate case that’s not very interesting, but it is technically valid.