I ran into this issue as well, and Geoff Bland's solution worked for me. However, I found a way to make it even better and not have to reset any permissions! I don't know if it will work for everyone, but it worked for me and all my AD users and groups kept the same uids.
First you need the uid of any AD user - you can get this with 'wbinfo -i <username>' or by looking at file permissions ('ls -n' will show the numeric user IDs instead of converting them).
Then you need the RID of that user. You can get the RID with 'wbinfo -n <username>' or in active directory look at the objectSID property for the user. The RID is the last section of the SID.
In my system:
UID for my user is 1161823314
SID for my user is S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106, so my RID is 1106.
Subtract the RID from the UID. That gives me 1161822208. I don't know if that number will be different for everyone. I'm guessing it will be.
Then set the start of the range for the id mapping to that value. The rid mapper adds your RID to the low end of the range, so all your uids should match what they used to be.
Same as in Geoff's solution, edit /boot/config/smb-extra.conf and add this to the [global] section:
# Override unraid's use of the broken idmap_hash plugin for mapping AD SID -> uid.
idmap config * : backend = tdb
idmap config * : range = 1000-7999
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 1161822208 - 4000000000
Then reboot the server. Just restarting samba doesn't work, and I didn't fight with it long enough to figure out why. But rebooting does work.
Once that's done, you can run 'testparm' to see the final configuration samba is using. It should include your idmap config lines, and should NOT include the default 'idmap config * : backend = hash' anymore.
Test your users with 'wbinfo -i username' and make sure their user IDs all match what they were before, and that any broken users work now. No need to reset any file permissions!