So I have been searching for a few days to set up this "easy" thing. I want to have a file server where users can log in with their domain name (domain\name) and password. The server should give them access to a single directory based on their name. A few admins (or local users) should be able to access them. This worked; however, I was working on a virtual machine and following multiple half-deprecated guides. So I replicated my steps on a fresh machine but can't get it to work. (Both are CentOS 7.2, up to date.)
My method in short:
- set up timezone
- install krb5-workstation and set it up: kinit [email protected]
- install samba samba-winbind-clients and set it up (see config below): net ads join -U [email protected] (successful; see below)
- start services smb, nmb and winbind
- added winbind in /etc/nsswitch.conf to passwd, shadow and group
- tested domain users: wbinfo -n user and wbinfo -g (groups)
The result of the join:
Enter [email protected]'s password:
Using short domain name -- DOMAIN
Joined 'SERVER' to dns domain 'domain.url'
No DNS domain configured for server. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
Config for samba:
[global]
netbios name = SERVER_NAME
workgroup = DOMAIN
realm = DOMAIN.url
server string = Samba Server Version %v
security = ADS
allow trusted domains = No
obey pam restrictions = Yes
password server = first.domain.controler.url
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
preferred master = No
idmap backend = idmap_rid:acme=16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config * : range = 16777216-33554431
idmap config * : backend = idmap_rid:acme=16777216-33554431
cups options = raw
[microsphere]
root preexec = bash -c '[[ -d /data/%U ]] || mkdir -m 0700 /data/%U && chown %U:"Domain Users" /data/%U'
comment = Home Directories
valid users = "@DOMAIN+Domain Users"
admin users = "@DOMAIN+Domain Admins"
path = /data
read only = no
create mask = 0600
force create mode = 0600
directory mask = 0700
force directory mode = 0700
hide unreadable = Yes
access based share enum = Yes
All of this seems to work OK:
wbinfo -n test
S-1-5-21-999108875-1658920850-184960113-4061 SID_USER (1)
Check if the group is there: getent group "Domain Users"
domain users:x:4294967295:
However, on the "clean" server the permissions are never set correctly. The directory is created, but the permissions are not set correctly. Also, setting them manually refuses to work. (Note: /data is on the root partition, nothing external.)
[root@server data]# chown -v test."domain users" test/
ownership of ‘test/’ retained as root:root
[root@server data]# ll
total 1
drwx------ 2 root root 3 Aug 11 09:43 svenn
drwx------ 2 root root 2 Aug 11 09:48 test
What's going on?
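Added diagnostic helpers, not part of the original question (no answer was posted). They make the two clues in the post checkable offline. First, the GID 4294967295 in the getent output is 0xFFFFFFFF, i.e. (gid_t)-1, which is what winbind returns when the idmap backend could not assign an ID for the SID; chown(2) treats an ID of -1 as "leave unchanged", which is why chown -v reports the ownership as retained instead of failing. Second, in the posted smb.conf the value "idmap_rid:acme=16777216-33554431" is not a backend module name; the documented form is a bare backend per domain ("idmap config DOMAIN : backend = rid") with a matching "idmap config DOMAIN : range", and the old global "idmap backend" parameter has been superseded by that form (testparm will report anything it no longer understands). The getent lines and smb.conf fragments below are constructed to mirror the post; the domain name DOMAIN and the tdb range 3000-7999 in the corrected fragment are assumptions for the example.

```shell
#!/bin/sh
# Added example, not code from the original post.  Sample inputs are
# constructed to resemble what the post shows.
set -f   # no globbing: domain names include "*", which must stay literal

trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'; }

# 4294967295 is 0xFFFFFFFF == (gid_t)-1: winbind resolved the name but the
# idmap backend returned no ID.  chown(2) takes -1 as "do not change", so
# chown -v prints "ownership ... retained".  Returns 0 for such a line.
unmapped_id() {
    id=$(printf '%s\n' "$1" | cut -d: -f3)
    [ "$id" = "4294967295" ] || [ "$id" = "-1" ]
}

# Check the idmap lines of an smb.conf read from stdin.  Prints a finding per
# problem and returns 1 if any were found, 0 otherwise.  Rules:
#  - the superseded global "idmap backend/uid/gid" parameters are flagged;
#  - an "idmap config <dom> : backend" value must be a bare module name;
#  - every domain with a backend needs a range, and vice versa.
check_idmap() {
    rc=0; backends=""; ranges=""
    while IFS= read -r line; do
        case "$line" in
            *"idmap backend"*=*|*"idmap uid"*=*|*"idmap gid"*=*)
                echo "superseded parameter: '$(trim "$line")' (use 'idmap config ...')"
                rc=1; continue ;;
            *"idmap config"*:*=*) ;;
            *) continue ;;
        esac
        rest=${line#*idmap config}          # " * : backend = tdb"
        dom=$(trim "${rest%%:*}")            # "*"
        kv=${rest#*:}                        # " backend = tdb"
        key=$(trim "${kv%%=*}")              # "backend"
        val=$(trim "${kv#*=}")               # "tdb"
        case "$key" in
            backend)
                case "$val" in
                    rid|tdb|tdb2|autorid|ad|ldap|nss|hash) backends="$backends $dom" ;;
                    *) echo "domain '$dom': '$val' is not a backend module name"; rc=1 ;;
                esac ;;
            range)
                case "$val" in
                    [0-9]*-[0-9]*) ranges="$ranges $dom" ;;
                    *) echo "domain '$dom': bad range '$val'"; rc=1 ;;
                esac ;;
        esac
    done
    for d in $backends; do
        case " $ranges " in *" $d "*) ;; *) echo "domain '$d': backend without range"; rc=1 ;; esac
    done
    for d in $ranges; do
        case " $backends " in *" $d "*) ;; *) echo "domain '$d': range without backend"; rc=1 ;; esac
    done
    return $rc
}

# Constructed fragments.  POSTED_IDMAP mirrors the question; FIXED_IDMAP is
# the documented layout: tdb allocation for the default domain plus an
# algorithmic rid mapping for the joined domain, ranges not overlapping.
# "DOMAIN" and the 3000-7999 range are assumptions for this example.
POSTED_IDMAP='idmap backend = idmap_rid:acme=16777216-33554431
idmap config * : range = 16777216-33554431
idmap config * : backend = idmap_rid:acme=16777216-33554431'

FIXED_IDMAP='idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range = 16777216-33554431'

run_checks() {
    # constructed getent line, as in the post
    if unmapped_id 'domain users:x:4294967295:'; then
        echo "getent: GID is (gid_t)-1, idmap did not map the SID"
    fi
    printf '%s\n' "$POSTED_IDMAP" | check_idmap || echo "posted idmap stanza: misconfigured"
    printf '%s\n' "$FIXED_IDMAP"  | check_idmap && echo "corrected idmap stanza: ok"
}

run_checks
```

After correcting the stanza, the usual follow-up is to clear the stale mappings (the winbind idmap tdb files under the Samba lock/cache directory), restart winbind, and confirm that getent passwd and getent group return real IDs before retrying the chown.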