OWSUG.ca

Welcome to Ottawa's Windows Server User Group Community!

Rantings of an IT Pirate

As a pirate is passionate about the open sea, such is my passion about technology. I am the first "ethical" IT Pirate.

SID vs GUID

Last week, in a study group session, we were having a discussion about the notion of a SID (Security Identifier) and a GUID (Globally Unique Identifier). In the group it was suggested that these are one and the same; this did not sit right with me for several reasons. We were talking within the context of Active Directory, so I will use that as my frame of reference.

SID and GUID are NOT the same thing. Every object, whether it be a user account, computer account, file, or printer, has a SID. This is the point of reference against which ACEs (access control entries) are made; these define what actions can and cannot be taken on objects. A collection of ACEs forms an ACL (access control list). Within the context of Active Directory, a GUID is the 128-bit hexadecimal number representing the object within Active Directory. When an object like a computer account or user account is added to a domain within Active Directory, the SID is used to define the GUID. From that point on, as long as that object exists, the GUID never changes.

Now, suppose we have to move the object from one domain to another; I'll use a computer account in this example. When the computer is moved from one domain to another, its SID must change, because the domain is the boundary within Active Directory where security is evaluated. The previous SID is still retained, but it is copied into a property of the object called SID-history. This property can contain multiple values.
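To make the distinction between the two identifiers concrete, here is an added Python example (not code from the original post) covering both the structure paragraph above and the domain-move paragraph. It encodes and decodes the binary layout Active Directory stores in the objectSid attribute, decodes the 16-byte objectGUID, and models an inter-domain move in which the SID is re-issued under the new domain's SID prefix, the old SID is appended to the sIDHistory attribute, and the GUID is untouched. The domain SIDs, RIDs, GUID and the dictionary used to represent an account are all constructed for illustration and do not refer to any real directory.

```python
"""Show why a SID is domain-scoped while an objectGUID is not (added example)."""
import struct
import uuid

# Constructed sample values: two made-up domain SIDs and a made-up objectGUID.
DOMAIN_A = "S-1-5-21-1004336348-1177238915-682003330"
DOMAIN_B = "S-1-5-21-3623811015-3361044348-30300820"
SAMPLE_OBJECT_GUID = uuid.UUID("1f2e3d4c-5b6a-4798-8a9b-0c1d2e3f4a5b").bytes_le


def sid_to_bytes(sid: str) -> bytes:
    """Encode a textual SID into the binary form AD keeps in objectSid."""
    parts = sid.split("-")
    if parts[0] != "S" or parts[1] != "1":
        raise ValueError(f"unsupported SID: {sid}")
    authority = int(parts[2])
    subs = [int(p) for p in parts[3:]]
    # Layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian), then 32-bit little-endian sub-authorities.
    header = bytes([1, len(subs)]) + authority.to_bytes(6, "big")
    return header + b"".join(struct.pack("<I", s) for s in subs)


def bytes_to_sid(blob: bytes) -> str:
    """Decode the binary objectSid layout back into S-1-... text, validating its length."""
    revision, count = blob[0], blob[1]
    if revision != 1 or len(blob) != 8 + 4 * count:
        raise ValueError("malformed binary SID")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack(f"<{count}I", blob[8:])
    return "S-1-" + "-".join(str(x) for x in (authority, *subs))


def split_sid(sid: str) -> tuple[str, int]:
    """Return (domain SID, RID): the domain part is every sub-authority but the last."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def guid_from_object_guid(blob: bytes) -> str:
    """objectGUID is 16 bytes in the Windows mixed-endian layout; uuid's bytes_le handles it."""
    return str(uuid.UUID(bytes_le=blob))


def move_account(account: dict, new_domain_sid: str, new_rid: int) -> dict:
    """Model an inter-domain move: new SID under the target domain, old SID into sIDHistory,
    objectGUID carried over unchanged."""
    return {
        "objectGUID": account["objectGUID"],
        "objectSid": f"{new_domain_sid}-{new_rid}",
        "sIDHistory": account["sIDHistory"] + [account["objectSid"]],
    }


def sids_for_access_check(account: dict) -> set:
    """All SIDs an access check would match for this account: current SID plus history.
    This is why ACEs that still name the old SID keep working after a move."""
    return {account["objectSid"], *account["sIDHistory"]}


def demo() -> dict:
    """Create an account in domain A, move it to domain B, and return the result."""
    account = {
        "objectGUID": SAMPLE_OBJECT_GUID,
        "objectSid": f"{DOMAIN_A}-1104",
        "sIDHistory": [],
    }
    moved = move_account(account, DOMAIN_B, 1200)
    print("GUID before/after:", guid_from_object_guid(account["objectGUID"]),
          guid_from_object_guid(moved["objectGUID"]))
    print("SID before/after: ", account["objectSid"], moved["objectSid"])
    print("sIDHistory:       ", moved["sIDHistory"])
    return moved


if __name__ == "__main__":
    demo()
```

Running the script prints the same GUID before and after the move and two different SIDs, the old one now sitting in sIDHistory. The point for a defender is that an ACL entry referencing the old SID still resolves to the account only through sIDHistory, so that attribute deserves the same scrutiny as group membership when reviewing who can reach a resource.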


Source: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsce_ctl_yicc.mspx?mfr=true


Published Friday, February 22, 2008 2:55 PM by Brad Bird
