hmm ok, weird, when i initially rolled my NS, AD installation was succesful without any issues, so not sure what you are seeing, sounds like it might well be a bug…
yep I do believe its a bug maybe in a updated package / template because krb5-server does not seem to be installing or its not expanding on a fresh install.
And this is why It fails in initial install, then you have to manually do the process me and you discovered to make it work.
And I recall when I asked you to reinstall krb5-server it was not installed I think this is the problem
krb5-server is not being installed when you create ad
yes indeed, yum -y reinstall krb5-server failed until I actually installed it via yum -y install krb5-server
This is really strange can not get it to work with the method we created to get yours going seb.
We must of missed a process we did to get yours working argghhh lol.
The solution we made works but if all the right components are installed or order it is made and processed
cos I had noticed when the sssd.conf file was empty when I expanded smb.conf and started smb the sssd.conf got data im sure I recall that happening.
I just fired up a vbox lol which I should of done from the beginning for testing purpose my raid still not finished syncing and im not reinstalling again lol
Any way im gonna use the vm for testing / development and bug fixing purposes.
Should find the actual cause and a remedy to fix it by tomorrow.
Im also gonna screen record and create snapshots every time I make a system change you can tell im a rookie lmao typical schoolboy error
Ok the problem seems to have gone away ad is working on both prod and dev
Installed with no problems on a new machine and a macine i corrupted to try to replicate the error
Can not replicate
It now installs unistalls reinstalls with no problems.
I can only put this down to a upstream problem as i have tried to replicate this and now there is no problem 
sorry for long time between replies here, I’ve gone and had disabled and re-enabled the AD feature a few times the last week, while I was making changes/tests, I’ve now settled for a different approach altogether (still using NS as my gateway/firewall, but krb5/sssd is now provided by a virtual instance of Windows Server Essentials 2016 and NS just binds into that AD), but that was really a weird one lol
I’ve also not been able to reproduce either after our initial repair(attempt)