Active Directory DNS _ldap SRV record owner is an Unknown account

Shaunm001 301 Reputation points
2024-03-11T20:37:24.6933333+00:00

While performing an audit of our AD DNS environment, we found numerous SRV records having an "Account Unknown" owner. For example, the _ldap SRV records shown below for our 4 domain controllers all show the same "Account Unknown" SID (5623) as the owner of the records. Does anybody know what the default owner should be for these records?


Accepted answer
  1. Daisy Zhou 18,471 Reputation points Microsoft Vendor
    2024-03-12T02:21:56.0333333+00:00

    Hello Shaunm001,

    Thank you for posting in Q&A forum.

    Here are the default permission entries (I mean I have never changed them) in my lab.

    For "Inherited from" entries, I have only 4 entries:
    Domain Admins
    Everyone
    enterprise domain controllers
    System

    It seems the "Account Unknown" SID (5623) shown as the owner of the records is the owner who made changes, and the "Account Unknown" SID (5623) permission entry was added by someone in the past (it is not a default permission entry).

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


2 additional answers

  1. Marcin Policht 7,870 Reputation points MVP
    2024-03-11T21:28:01.1133333+00:00

    This should be set to SYSTEM. It's anyone's guess how this happened, but fortunately that's easy to fix.

    hth

    Marcin


  2. Shaunm001 301 Reputation points
    2024-03-12T14:38:20.6966667+00:00

    Thanks everyone. Is it the case for all SRV records under the _msdcs.domain.local zone that the owner should be SYSTEM? For example, there are additional _ldap records under _tcp.gc._msdcs.domain.local that also have the same "Unknown" account as owner:
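An added audit script for the owner check discussed in the two posts above (it is not code from the thread or from Microsoft): it walks every dnsNode object in an AD-integrated zone, reports owners whose SID no longer resolves to an account (the "Account Unknown" case), and can optionally reset them to SYSTEM as Marcin suggests. It assumes the RSAT ActiveDirectory module, a Domain Admin session on a domain-joined host, and that the `_msdcs.domain.local` zone (the thread's placeholder name) is stored in the ForestDnsZones partition, which is the default for a forest root.

```powershell
# Audit the owner of each dnsNode in an AD-integrated DNS zone and flag owners
# whose SID no longer resolves ("Account Unknown"). Added example for this thread,
# not code from the original posts. Ownership in AD-integrated DNS is held per
# dnsNode (one object per record name), so one entry covers all records of a name.
# Assumptions: ActiveDirectory module available; zone lives in ForestDnsZones;
# '_msdcs.domain.local' is the placeholder zone name used in the question.
Import-Module ActiveDirectory

function Get-DnsNodeOwnerReport {
    param(
        [string]$ZoneName  = '_msdcs.domain.local',
        [string]$Partition = "DC=ForestDnsZones,$((Get-ADRootDSE).rootDomainNamingContext)",
        [switch]$Fix       # reset unresolved owners to SYSTEM (needs rights to assign ownership)
    )
    $zoneDn    = "DC=$ZoneName,CN=MicrosoftDNS,$Partition"
    $systemSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'   # NT AUTHORITY\SYSTEM

    Get-ADObject -SearchBase $zoneDn -SearchScope OneLevel `
                 -LDAPFilter '(objectClass=dnsNode)' -Properties nTSecurityDescriptor |
    ForEach-Object {
        $sd       = $_.nTSecurityDescriptor
        $ownerSid = $sd.GetOwner([System.Security.Principal.SecurityIdentifier])
        try {
            # Translate fails when the SID belongs to a deleted or foreign account
            $ownerName = $ownerSid.Translate([System.Security.Principal.NTAccount]).Value
            $resolved  = $true
        } catch {
            $ownerName = 'Account Unknown'
            $resolved  = $false
        }
        if ($Fix -and -not $resolved) {
            # Remediation: write the descriptor back with SYSTEM as owner
            $sd.SetOwner($systemSid)
            Set-Acl -Path "AD:\$($_.DistinguishedName)" -AclObject $sd
        }
        [pscustomobject]@{
            Record        = $_.Name            # e.g. _ldap._tcp.dc
            OwnerSid      = $ownerSid.Value
            Owner         = $ownerName
            OwnerResolved = $resolved
            IsSystem      = ($ownerSid.Value -eq $systemSid.Value)
        }
    }
}

# Report only: list every record name whose owner is not SYSTEM
Get-DnsNodeOwnerReport -ZoneName '_msdcs.domain.local' |
    Where-Object { -not $_.IsSystem } | Format-Table -AutoSize
```

Run the report first and review the list; add `-Fix` only after confirming the unresolved owners are not an account you still expect to manage those records.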