Hello Shaunm001,
Thank you for posting in Q&A forum.
Here are the default permission entries (I mean I have never changed it) in my lab.
For "Inherited from" entries, I have only 4 entries:
Domain Admins
Everyone
enterprise domain controllers
System
It seems the "Account Unknown" SID (5623) as the owner of the records" is the owner by who changed and the "Account Unknown" SID (5623)" permission entry is added by one in the past (not the default one permission entry).
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.