sid::modify can be used to modify an object's SID. The command must be executed directly on a domain controller. It has the following command line argument:

• /sam: the sAMAccountName.

• /new: the new SID value. It also accepts format such as Builtin\administrators.

mimikatz # sid::modify /sam:username /new:S-1-5-21-...