Resolution
Built-in accounts are part of a special container called 'BUILTIN'. This includes the local groups that exist on a default NT installation, such as Administrators (SID: S-1-5-32-544), Print Operators (SID: S-1-5-32-550), etc. These groups have a special SID that is the same on every machine (therefore they don't need to be migrated).
Well-known accounts have SIDs that identify generic users or generic groups. Such would include the global groups (Domain Admins (SID: S-1-5-domain-512), Domain Users (SID: S-1-5-domain-513), Domain Guests SID: S-1-5-domain-514, Administrator (SID: S-1-5-domain-500), and Guest (SID: S-1-5-domain-501). They have a Well-known RID (last part of the SID), but their SID also contains domain-specific information.
Based on the definitions of 'Well-known' and 'Built-in' accounts, we can see how it looks below:
- 'Domain1\Administrators' and 'Domain2\Administrators' will always have the same SID (S-1-5-32-544 is the SID for BUILTIN\Administrators).
- 'Domain1\Domain Admins' and 'Domain2\Domain Admins' will have different SIDs, although both will end with the same RID (512).
Microsoft defines 'Well-known' accounts and lists them in the Knowledge Base article Q243330.