smbadm join should not try to set TRUSTED_FOR_DELEGATION
For reasons evidentially lost to history, smbadm currently tries to enable the TRUSTED_FOR_DELEGATION flag on the active directory machine account it creates when joining a domain. This flag allows an account to take a set of credentials that were used to authenticate to a service it is providing and then turn around and use those same credentials to authenticate to another service as that user, which is very sensitive from a security perspective. There's really no reason a simple file member server should have this great level of privilege, and it drastically increases the potential impact of that server being compromised.
That code should probably just be removed, and in the unlikely scenario a use case pops up that requires it, a domain administrator can enable it via the active directory users and computers admin interface, which also allows restricting the level of delegation and other parameters which make it safer to use.
No data to display