An SID becomes “orphaned” when it is used in an ACL entry, but the corresponding object (computer, user or group) no longer exists in Windows.
In Windows, these entries can be identified by the text “Unknown account (S-1-5-…)” appearing instead of the object name. This indicates that the specified SID can no longer be translated to a user or group.
Orphaned SID entries are not harmful per se, but they do not help at all in maintaining an overview of the situation. In fact, they make it really hard to keep track of who has access to what resource.
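
One way to find the entries that Windows shows as "Unknown account" is to walk a folder tree and report every explicit ACL entry whose SID can no longer be translated to an account name. This PowerShell script is an added example, not part of the original page; the root path `D:\Shares` and the helper name `Test-SidResolves` are assumptions for illustration.

```powershell
# Added example: list explicit ACL entries whose SID no longer resolves to an account.
$Root = 'D:\Shares'   # assumed sample path, change to the tree you want to audit

# Cache lookups so each SID is translated only once.
$resolved = @{}

function Test-SidResolves {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    if (-not $resolved.ContainsKey($Sid.Value)) {
        try {
            $null = $Sid.Translate([System.Security.Principal.NTAccount])
            $resolved[$Sid.Value] = $true
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # No user, group or computer maps to this SID any more.
            $resolved[$Sid.Value] = $false
        }
    }
    return $resolved[$Sid.Value]
}

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$report = foreach ($folder in $folders) {
    try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

    # Explicit entries only: inherited copies are cleaned up at the parent that defines them.
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        # Account SIDs issued by a domain or a local SAM database start with S-1-5-21-.
        if ($sid.Value -like 'S-1-5-21-*' -and -not (Test-SidResolves $sid)) {
            [pscustomobject]@{
                Path   = $folder.FullName
                Sid    = $sid.Value
                Type   = $rule.AccessControlType
                Rights = $rule.FileSystemRights
            }
        }
    }
}

$report | Format-Table -AutoSize
```

A SID also fails to resolve when its domain cannot be reached (for example a broken trust or an offline domain controller), so confirm that the account is really gone before removing an entry.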