We read above the statements from Microsoft and Samba. Another point is RHEL does not ship the DC components with samba RPMs.
Sernet RPMs were no longer available for free, since this spring.
The container solution (systemd-nspawn, a “chroot with steroids”) was the simplest way to install a third-party RPM that depends on Heimdal Kerberos without modifying the existing file server configuration too much. Indeed it reduced the size of our code a lot!
The third-party RPM actually is a vanilla compilation of Samba sources.