With Samba it's currently possible to create (or edit) a user's userprincipalname attribute with a value that already exists in the domain. This results in non-unique "userprincipalname" attributes and MUST be forbidden. A Windows AD controller does not allow this.
Thank you for your report. We are aware that Samba does not implement this Windows 2012 feature. We look forward to addressing this in the medium term.

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3c154285-454c-4353-9a99-fb586e806944

In the meantime we thank you for your patience.

Thanks,
Andrew Bartlett
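An audit for the condition described in the report, as an added example that is not part of the original thread or of Samba's code: it scans an LDIF export of user entries for userPrincipalName values held by more than one DN. The sample LDIF is constructed, and comparing UPNs case-insensitively is an assumption of this example.

```python
import base64
from collections import defaultdict
# Constructed sample LDIF (the shape of an LDAP search export); not real directory data.
SAMPLE_LDIF = """\
dn: CN=Alice,CN=Users,DC=example,DC=com
userPrincipalName: alice@example.com

dn: CN=Bob,CN=Users,DC=example,DC=com
userPrincipalName: Alice@EXAMPLE.com

dn: CN=Carol,CN=Users,DC=example,DC=com
userPrincipalName:: YWxpY2VAZXhhbXBsZS5jb20=

dn: CN=Dave,CN=Users,DC=example,DC=com
userPrincipalName: dave@exam
 ple.com
"""

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space continues the previous)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_attr(line):
    """Return (name, value) for 'name: value' or base64 'name:: value'; None otherwise."""
    name, sep, rest = line.partition(":")
    if not sep or not name or line.startswith("#"):
        return None
    if rest.startswith(":"):  # '::' marks a base64-encoded value
        return name, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return name, rest.strip()

def duplicate_upns(ldif_text):
    """Map each UPN held by more than one entry to the sorted DNs holding it.
    Assumption of this example: UPNs are compared case-insensitively (case-folded)."""
    holders = defaultdict(set)
    dn = None
    for name, value in filter(None, map(parse_attr, unfold(ldif_text))):
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "userprincipalname" and dn is not None:
            holders[value.casefold()].add(dn)
    return {upn: sorted(dns) for upn, dns in holders.items() if len(dns) > 1}

if __name__ == "__main__": print(duplicate_upns(SAMPLE_LDIF))
```

Any key in the returned mapping is a UPN that more than one account currently holds; the folded and base64-encoded entries in the sample show why a plain text search of the export can miss them.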