Posting the solution to my own issue here.
To reset the permissions on Shares so they can be reapplied by Windows Domain with SMB do the following.
For this example we assume a share named Music needs the permissions resetting.
All this will be done from the UNRAID web console, the UNRAID Terminal (accessed from the >_ icon on the UNRAID web console) and the File Explorer on the Windows Domain Server.
1. Backup the old Music share by renaming it Music_OLD
2. Create a new share called Music
3. For now set the SMB security settings on the new Music share to "Public".
4. From the UNRAID terminal, copy the files from the Music_OLD to the new Music with the following cp command, this make take some time depending on the number of files. Also ensure you have enough disk space for the copied share.
cp -R /mnt/user/Music_OLD/* /mnt/user/Music
5. Once all the files are copied over check the ownership of the new Music folder as follows, the directory is shown as the ./ entry and here the user is bob and the group is domain users. We know this new share is accessible to the domain so we can now just copy this.
root@UNRAID01:~# ls -la /mnt/user/Music
total 24
drwxrwx---+ 1 bob domain users 69 Mar 1 13:12 ./
6. Reset the ownership of all the files in the Music share as follows (note the \ to escape code a space):
chown -R bob:domain\ users /mnt/user/Music
7. {Optional step} Now with the UNRAID web console set the SMB security settings on Music to "Private" or whatever is required.
8. {Optional step} Select the Music share in File Explorer on the Windows Domain Server right click & select Properties. On the Security tab set the required access rights.
There is probably a shorter, better way of doing this but I didn't find one (chown on the original directory did not seem to work).