[Samba] Samba AD and NIS integration

[Stephen Parry]

I have questions regarding the operation of AD and integrating NIS or LDAP with it.
I have a small heterogenous network consisting of various computing devices running either Windows 10 pro or a flavour of Linux. I am setting up a NAS box running Debian Stretch and Samba 4.5.12 to be the central file server and authenticator for the network, including LDAP aware software such as owncloud. I have carefully followed the samba.org instructions for setting up the AD including rfc2307 data, except for ignoring the recommendation regarding not running AD and file services from the same box - I cannot afford two boxes for the job and I believe I can live with the limitations if one.
Can someone please help with these questions:
1. What are the id ranges that the AD uses / expects for uidNumber and gidNumber? Is there any working way of controlling those ranges, given idmap breaks stuff? Winbind only seems to respond to id queries if the numbers are created in the correct range, but I cannot find what the exact ranges are.
2. Is there a way of making NIS use Samba AD as the central repo for user credentials? I would like to support NIS/NFS clients if possible. I am open to using LDAP/NFS instead.
3. Can someone please point me at a good guide for configuring a server so that Samba AD's LDAP can support LDAP authentication requests from other systems too?
The key point is I would like Samba to be 'king of the castle' here - for it to store and maintain the authoritative login credentials across all my systems. 
Thanks
Stephen

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.