The thing I don’t understand in your question is why you are using RIDs to distinguish users and groups. The objects are from different classes so they are naturaly distinguished.

In Win32 programming you can just use :

BOOL WINAPI LookupAccountSid(
  __in_opt   LPCTSTR lpSystemName,
  __in       PSID lpSid,
  __out_opt  LPTSTR lpName,
  __inout    LPDWORD cchName,
  __out_opt  LPTSTR lpReferencedDomainName,
  __inout    LPDWORD cchReferencedDomainName,
  __out      PSID_NAME_USE peUse
);

This API comes from Authorization Functions to retrieve in peUse if the SID is a User or a Group.

Using the .NET Framework (C#) the SecurityIdentifier can be used to determine if the SID represent a valid domain account.

Last thing : the way that is commonly use to distinguish objects in a directory is the objectGUID attribute. This attribute is present in each object. So you can retreive objects from Active Directory Service Interface (ADSI) using SIDs or GUIDs

"LDAP:///<GUID={28c67c50-9778-47a4-a77a-bf56f238a0c4}>"

or

"LDAP:///<SID=S-1-5-21-500000003-1000000000-1000000003-1001>"

(Edited after your comment)
As far as I know, duplicated RID inside a domain is considered as an exception explained by the lost of a domain controller that serves the role of Relative ID (RID) Master. Perhaps it exists hack tools that are able to patch the AD database to change SIDs but I don’t know them.

Be careful, RIDs may be duplicated in other domains. If you’ve got subdomains or other trees in you forest, you can find again the same RIDs with different sub-authorities (potentialy in the same ACL)

I found also duplicated in computer SIDs but it was due to bad Ghost usage.