Hey,
You must not mix Windows-based AD DCs and Linux/Samba-based AD DCs in the same domain. Not only isn’t it supported by Univention, it also simply won’t work properly. Most pressing concern is lack of sysvol synchronization between WIndows-based AD DCs and Samba-based AD DCs: meaning your GPOs, for example, will only ever reside on your Windows AD DC and never get synced to your Samba AD DC. Your Samba AD DC is therefore not a full AD DC.
The situation would be different in a pure Univention environment as Univention has implemented a sysvol synchronization mechanism between all UCS-based Samba AD DCs, meaning that an environment consisting of multiple UCS Samba AD DCs is completely fine. Just don’t mix Windows-based and Samba-based ones.
m.