So here is the log for check_join_status.log

LDAPv3

base <dc=yyy,dc=zzz> with scope baseObject

filter: (objectclass=*)

requesting: ALL

yyy.zzz

dn: dc=yyy,dc=zzz
objectClass: top
objectClass: krb5Realm
objectClass: univentionPolicyReference
objectClass: nisDomainObject
objectClass: domainRelatedObject
objectClass: domain
objectClass: univentionBase
objectClass: univentionObject
dc: yyy
univentionObjectType: container/dc
krb5RealmName: yyy.zzz
nisDomain: yyy.zzz
associatedDomain: yyy.zzz
univentionPolicyReference: cn=default-settings,cn=thinclient,cn=policies,dc=yyy,dc=zzz
univentionPolicyReference: cn=default-settings,cn=pwhistory,cn=users,cn=polici
es,dc=yyy,dc=zzz
univentionPolicyReference: cn=default-users,cn=bbbb-settings,cn=users,cn=poli
cies,dc=yyy,dc=zzz

search result

search: 3
result: 0 Success

numResponses: 2

numEntries: 1

Joined successfully

Joined successful yet message in gui states differently. UCS server is in AD as a computer after the run to join.

samba.sync.log file is empty. Accounts are not being synced. Is the sync immediate? Is the message in the gui bogus and I just need to wait a while for the accounts to sync?

The ad-connector-certificate.log is empty

One thing still bothering me. when I ssh to UCS and I dig/nslookup the ad server both by name and by IP the UCS resolves my ad server. The UCS is using the AD server to resolve. Yet when I run the join it needs to IP to start join. When I enter the FQDN is does not work.

Thanks everyone for your help