I think you need to read The Machine SID Duplication Myth:
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
Machine SIDs and domain SIDs/RIDs are two different things, which is why you see two different things when you run a local tool on the machine, versus an Active Directory Powershell cmdlet. A couple of notes from the comments of that blog post that you should read:
Mark Russinovich: You're granting access to the computer's Domain SID, not its
machine SID. Like users, computer accounts in a Domain have passwords,
but the passwords are managed by the Domain.
Mark Russinovich: yes, with the exception that machine SIDs are used as the basis for Domain SIDs, machine SIDs could have been a constant.
Also, Mark's buddy Aaron wrote a nice complement piece on the distinction between local machine SIDs and domain SIDs:
http://blogs.msdn.com/b/aaron_margosis/archive/2009/11/05/machine-sids-and-domain-sids.aspx
Aaron Margosis: You can see the machine SID on your computer by
running Sysinternals PsGetSid with no parameters. You can see the
second SID on a domain-joined system by passing PsGetSid the computer
name followed by a $: psgetsid %COMPUTERNAME%$