Quicksteps
apt install acl attr samba winbind krb5-config krb5-user
systemctl disable --now systemd-resolved.service
rm /etc/samba/smb.conf
samba-tool domain provision --use-rfc2307 --interactive
systemctl disable nmbd
systemctl disable smbd
systemctl unmask samba-ad-dc.service
systemctl mask smbd nmbd winbind
systemctl stop smbd
systemctl stop nmbd
systemctl stop winbind
systemctl enable --now samba-ad-dc.service
Note:
In order for ad idmap to work there are requirements that the user accounts have uidNumber attribute and
the primary group have gidNumber. We set the gidNumber here for Domain Users group:
samba-tool group addunixattrs "Domain Users" 10513