Hello there,
I just want to share some useful tips which cost me a lot of time:
If you would like to join a new UCS to an existing AD domain and it instantly fails: Check if you allowed incoming NTLM traffic at.
UCS tries to connect to sysvol via smbclient and currently this work via NTLM protocol.