The solution was simpler than anything I was looking for. The user
"MYDOMAIN\marcori" can be a domain administrator and a schema
administrator, but he does not have sufficient rights to join an
existing directory. By using the Administrator account, everything works.

Similarly, the creation of the kerberos ticket was not functional. So no
ticket, no domain. However, before joining the domain, I followed the
tutorial explaining how to downgrade the schema to Windows 2008R2. It
works fine and my AD Samba now replicates Microsoft AD.

