The security ID structure is invalid.
When a user authenticates across a trust for which selective authentication is enabled, an Other Organization security ID (SID) is added to the user's authorization data.
This security ID may not be assigned as the primary group of an object.