Sorry, here the conf:
# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
Server role: ROLE_ACTIVE_DIRECTORY_DC
# Global parameters
[global]
dns forwarder = 8.8.8.8
ldap server require strong auth = No
load printers = No
passdb backend = samba_dsdb
printcap name = /dev/null
realm = MYTLD.AT
server role = active directory domain controller
template shell = /bin/bash
usershare path workgroup = BUERO
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
winbindd:use external pipes = true
sdb:schema update allowed = no
idmap config * : backend = tdb
map archive = No
vfs objects = dfs_samba4 acl_xattr
[netlogon]
path = /var/lib/samba/sysvol/mytld.at/scripts
read only = No
acl_xattr:ignore system acls = Yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
acl_xattr:ignore system acls = Yes
[rsnapshots]
path = /mnt/rsnapshots/rsnapshots
valid users = @rsnapshots