yes, the missing sysvol replication is the big hurdle. Samba simply doesn’t support it at the moment, mostly due to the nature of Linux user & group IDs being assigned dynamically and therefore differently on each Samba AD DC in the general case. While this is not the case on Univention where the DC Master assigns those and manages them identically across all UCS servers, Samba simply still doesn’t do sysvol replication.
Univention does have an rsync-based replication mechanism in place, but that only synchronizes across all UCS/Samba DCs. That doesn’t solve the much bigger issue of syncing the sysvol between Windows and Samba DCs.