It is not a capability issue to run AD in a container but a licensing issue. Microsoft will not let you run Windows in a container to support Microsoft services.
https://learn.microsoft.com/en-us/virtualization/windowscontainers/images-eula
"Use Rights. The Container Image may be used to create an isolated virtualized Windows operating system environment to which primary and significant functionality is added (“Consolidated Image”). You may use the Container Image to create, build, and run your Consolidated Image on Host Software and distribute the Container Image only as part of your Consolidated Image. Updates to the Host Software may not update the Container Image so you may re-create any Windows containers based on an updated Container Image."