for now my first attempts are with SAMBA4AD
Since it is a group name, I prefer on one word, not sure about side effects 
I like KISS, so I agree to make something difficult for me, and easy for the end users.
The way I found right now is
- create the database
- inject the creation of all tables
- inject the authentication settings following the state of $sssd (ldap or Samba4 or internal account(means do nothing))
then only the admin account and the field of the website name must be created by the sysadmin.