Is a SID with zero subauthorities a valid SID? It depends whom you ask
Here’s an interesting table.
|Function||Is SubAuthorityCount=0 valid?|
That last entry creates the unfortunate situation where a SID with no subauthorities can be converted to a string, but cannot be converted back.
If it’s any consolation, SIDs with no subauthorities aren’t encountered in normal usage, so if you ever accidentally reject one of these, it’s not going to inconvenience anyone.
Oh, and the answer to the question at the top: Yes, a SID with zero subauthorities is technically valid. It’s a degenerate case that’s not very interesting, but it is technically valid.