Remove orphaned SIDs from ACL

My AD group has been going through and reorganisation groups and members and have left the ACLS on my SMB shares in a mess with orphaned SIDs.  Has anyone found a way to remove the ACLs via a SID instead of a user or group from the command line?

Example:"

XXXXXXX-9# ls -lead . |grep -i SID
 9: SID:<SID> allow std_synchronize,list,traverse 

XXXXXXX-9# chmod -a SID:<SID> allow std_synchronize,list,traverse .
chmod: ACE must begin with 'user', 'group', 'everyone', 'creator_owner', 'creator_group', or 'owner_rights': Invalid argument