3.1.1.3.1.2.5 Alternative Form of SIDs
Attributes of String(SID) syntax contain a SID in binary form. However, a client can instead specify a value for such an attribute as a UTF-8 string that is a valid SDDL SID string beginning with "S-" (see [MS-DTYP] section 2.4.2.1). The server will convert such a string to the binary form of the SID and use that binary form as the value of the attribute.