Wouldn't varchar(255) generally be enough to handle the SID from AD? IIRC (feel free to call me out badly if I'm wrong), Microsoft uses their standard GUID format, so it'd be something along the lines of "C8535E2E-148D-494d-8E9A-71FC46649B5E"?
Yeah, I seriously doubt any system is going to have a unique identifier longer than 255 characters. I know after this is implemented I'll find some crazy organization doing this though ;) (like the one that had a user with over 500 groups - crazy).
Respectfully,
Ryan Lane