samba - Nov 2018 - Domain Admins default ownership is BUILTIN\Administrators

I've now spun up a second DC ready for a migration from an old DC. Just
checking over a few things and have hit this problem:

Objects created by Domain Admins members default to ownership by
BUILTIN\Administrators.  So, when JohnDoe is logged on as JohnDoe and creates a
file, its ownership becomes BUILTIN\Administrators.

I've played with perms for over an hour and cannot make any sense of this? I
cannot see where/why it is defaulting to this account??

\data is chmod 2755 owned by "SAMDOM\JohnDoe":"SAMDOM\Domain
Admins".   Resulting files are 755 owned by
"BUILTIN\Administrators":"SAMDOM\Domain Admins"


[global]
        netbios name = SAGAN
        realm = SAMDOM.INTRA
        server role = active directory domain controller
        workgroup = SAMDOM
        idmap_ldb:use rfc2307 = yes

template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false
   winbind nss info = rfc2307
        winbind enum users = yes
        winbind enum groups = yes


[netlogon]
        path = /var/lib/samba/sysvol/acasta.intra/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[data]
        path = /data
        read only = No


--
Rob Mason


Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified
QGCE013.
Registered in England 6619191. 42 Pitt Street, Barnsley, S70 1BB. VAT Registered
934 6797 75.