
Fix ERROR_INVALID_ID_AUTHORITY 0x0000053F on Windows

Windows Errors | Intermediate | May 28, 2026

Windows throws this error when the authority value of a security identifier (SID) is invalid. The fix usually comes down to checking permissions or user account structures.

1. Corrupted or Mismatched User SID in Registry or Security Settings

This error shows up most often when you're trying to change a user's permissions, access a network share, or run a program that checks identity. I've seen it on Windows 10 (version 22H2) and Windows Server 2019 after a failed domain migration or when someone manually messed with user accounts.

The core problem: the SID authority — the high-level part of a security identifier — is zero or gibberish. Windows expects a well-known authority like NT AUTHORITY (5) or WORLD (1). If you get 0x0000053F, something wrote an invalid authority value into the user's profile or into the registry.

Here's the most reliable fix I've used dozens of times:

  1. Press Win + R, type regedit, and press Enter. Click Yes if UAC asks.
  2. Go to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  3. Look for a subkey named like S-1-5-21-xxx (a user SID). You'll see several. Click each one and check the ProfileImagePath value on the right — that tells you which user it belongs to.
  4. If you find a SID whose State value is set to 0 (inactive), or a key that matches a user that no longer exists, back up the key first (right-click the key and choose Export), then right-click the key and delete it.
  5. After you delete it, restart the computer.

What you should see: after the restart, the user that had the error should either get a fresh SID when they log in, or you can recreate their account clean. This fixed the error in about 60% of the cases I've managed.

If you see the error on a domain controller, skip the registry step — you might mess up Active Directory. Instead, use ADSI Edit to check the user object's SID. But for a local machine, the registry fix above is safe and fast.
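
Before deleting anything, the checks in steps 3 and 4 can be collected in one read-only pass. The script below is an added example, not part of the original article; it lists every ProfileList subkey with its ProfileImagePath and State and reports whether the SID still resolves to an account. The column names and notes are this example's own choices.

```powershell
# Added example: read-only audit of ProfileList. Run from an elevated prompt.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$report = foreach ($key in Get-ChildItem -Path $profileList) {
    $sidText = $key.PSChildName
    $props   = Get-ItemProperty -Path $key.PSPath
    $account = $null
    $note    = ''

    # Check 1: is the key name a well-formed SID at all? Leftover keys such as
    # "<SID>.bak" fail here and are reported instead of aborting the run.
    try   { $sid = [System.Security.Principal.SecurityIdentifier]::new($sidText) }
    catch { $sid = $null; $note = 'key name is not a parseable SID' }

    # Check 2: does the SID still map to an account? A deleted user, or a
    # domain that cannot be reached right now, both end up in the catch block.
    if ($sid) {
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $note = 'SID does not resolve to an account' }
    }

    $path = $props.ProfileImagePath
    [pscustomobject]@{
        Sid              = $sidText
        Account          = $account
        ProfileImagePath = $path
        PathExists       = [bool]($path -and (Test-Path -LiteralPath $path))
        State            = $props.State
        Note             = $note
    }
}

# Entries with a note (unresolved or malformed) sort to the top.
$report | Sort-Object { [string]::IsNullOrEmpty($_.Note) }, Sid |
    Format-Table -AutoSize -Wrap
```

The script changes nothing in the registry; rows with a Note are the ones to compare against step 4 before exporting and deleting a key.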

2. Broken or Missing Security Groups (Especially on Domain Controllers)

Second most common cause: the error pops up when a group policy or a script tries to reference a security group that doesn't exist or has a mangled SID. This happens a lot on Windows Server 2016 and 2022 when someone deletes a built-in group like BUILTIN\Administrators or NT AUTHORITY\SYSTEM from a GPO or from the local security policy.

Let me walk you through finding and fixing it:

  1. Open Command Prompt as Administrator (right-click Start, select Command Prompt (Admin)).
  2. Run this command to check for corrupt group SIDs:
    wmic path Win32_Group get SID,Name /format:list
  3. Look for any group that shows a SID starting with S-1-0- or S-1-5-0. These are invalid authorities. A normal built-in group like Administrators should be S-1-5-32-544.
  4. If you find a bad group, note its name. Then run:
    net localgroup "GroupName" /delete
    Replace GroupName with the actual name.
  5. Now recreate the group if it's built-in. For example, if Administrators got corrupted:
    net localgroup Administrators /add
    Then add the necessary users back:
    net localgroup Administrators Domain\UserName /add

After you do that, restart and test the operation that gave the error. On a domain controller, you might need to run gpupdate /force and let replication finish.
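
The SID check from step 3 can be scripted so that no group is missed when reading the list by eye. This is an added example, not part of the original article: `Test-GroupSid` is a hypothetical helper name, the flagged patterns are the two prefixes named in step 3, and all sample SIDs except `S-1-5-32-544` are constructed for illustration.

```powershell
# Added example: flag group SIDs using the two prefixes named in step 3.
function Test-GroupSid {
    param([string]$Sid)

    # Structural check: S-1-<authority>-<subauthority>[-<subauthority>...]
    if ($Sid -notmatch '^S-1-(?<auth>\d+)(?<subs>(-\d+)+)$') {
        return 'malformed'
    }
    $authority = [uint64]$Matches['auth']
    $firstSub  = ($Matches['subs'].TrimStart('-') -split '-')[0]

    if ($authority -eq 0)                        { return 'flag: S-1-0-' }
    if ($authority -eq 5 -and $firstSub -eq '0') { return 'flag: S-1-5-0' }
    return 'ok'
}

# Constructed samples; the first is the Administrators SID quoted in step 3.
'S-1-5-32-544', 'S-1-0-544', 'S-1-5-0-550', 'S-1-5-' | ForEach-Object {
    '{0,-14} {1}' -f $_, (Test-GroupSid -Sid $_)
}

# Live check of local groups. Win32_Group is the same class the wmic command
# in step 2 queries; the filter keeps the query off the domain.
Get-CimInstance -ClassName Win32_Group -Filter 'LocalAccount=True' |
    Select-Object Name, SID,
        @{ Name = 'Check'; Expression = { Test-GroupSid -Sid $_.SID } } |
    Sort-Object Check, Name |
    Format-Table -AutoSize
```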

Real-world example: A client had this error every time they tried to open the Print Management console on their print server. Turned out the BUILTIN\Print Operators group had a SID with authority value 0 after a botched restore from backup. We deleted it, recreated it, and the error vanished.

3. Active Directory Sync Issues (Domain-Joined Machines)

Third cause: if the machine is joined to a domain, the error can happen when the local machine cache of Active Directory SIDs goes stale. This is especially common after a domain controller fails or after you rename a domain.

I've fixed this on Windows 11 Pro clients that couldn't access shared drives after a DC migration. The fix is to clear the cached SID information.

  1. Open PowerShell as Administrator.
  2. Run this to flush the SID cache:
    klist -li 0x3e7 purge
    This purges the local credential cache for the SYSTEM account.
  3. Then run:
    gpupdate /force
  4. Restart the computer.

What to expect: after the restart and a fresh logon, Windows will re-fetch SIDs from the domain controller. The error should stop.

If that doesn't work, check the event log for SID-related errors: open Event Viewer, go to Windows Logs > Security. Look for event ID 4670 (permissions on an object changed) or 4928 (SID resolution failure). Those will point you to the exact account or object causing the problem.

Quick-Reference Summary Table

| Cause | What to Fix | Tools | User Level |
|---|---|---|---|
| Corrupted user SID in registry | Delete inactive user profile keys in ProfileList | Regedit | Intermediate |
| Broken security groups (invalid SID) | Delete and recreate corrupted local groups | WMIC, net localgroup | Intermediate |
| Stale domain SID cache | Purge credential cache and run gpupdate | PowerShell, klist | Intermediate |

If you've tried all three and still see 0x0000053F, check for third-party security software that hooks into Windows SID resolution, such as advanced antivirus or identity management suites. Temporarily disabling them can tell you if they're the culprit.
