I found following page with documentation: http://support.microsoft.com/kb/243330. Now there is a mysterious domain string in SID. I understand that when I want to use this sid with this mysterious string I should replace it with a correct domain SID. The question is where can I find this domain SID that I can put into the SID for system administrator (for example) in order to be able to check some rights later.
SID example: S-1-5-21domain-500.
This domain identifier probably should be in xxxxxxxxxx-xxxxxxxxx-xxxxxxxxx format.