After the first Windows Server 2012 or 2012 R2 DC was joined, you can this one as replication partner when joining further Windows DCs. Kerberos requires that the domain member and the domain controllers (DC) are having a synchronous time.
Before continuing, you must have an existing Active Directory domain, and have a user with the appropriate rights within the domain to: query users and add computer accounts (Domain Join).
This document is not an intended as a complete guide to Active Directory nor Samba.
Before you join the domain, check the time configuration: When you join the first Windows Server 2012 or 2012 R2 host as a domain controller (DC) to an Active Directory (AD), the directory schema of the forest and domain is updated. For details how to verify and enable the share, see Enabling the Sysvol Share on a Windows DC.
You must run this process on an existing Windows 2008 or 2008 R2 domain controller (DC) that owns the following flexible single master operation (FSMO) roles: To optimize replication latency and cost, the knowledge consistency checker (KCC) on Windows DCs do not create a fully-meshed replication topology between all DCs. Samba currently does not support the DFS-R protocol required for Sysvol replication.
Following these steps will help you configure an Arch Linux host to authenticate against an AD domain.