Using the corrected version of SubInAcl, you can remove invalid domain SIDs from your file system permissions.
The syntax is:
subinacl /subdirectories <FileSystemObject> /cleandeletedsidsfrom=<NetBIOS_Domain_Name>
Example:subinacl /subdirectories C:\*.* /cleandeletedsidsfrom=JSIINC
The default is to scan the entire security descriptor, but you can specify \[=dacl|sacl|owner|primarygroup|all\] after the domain name.
NOTE: If the owner SID is removed, it is replaced with the Administrators group. If the Primary Group is removed, it is replaced with the Users group.