Your post highlights one of the many challenges with deploying Server Management in an enterprise-level deployment. Our NT team had similar concerns to yours around managing the domain controllers, and rightly so - patching could potentially reboot a server, and, if incorrectly timed, affect network availability.
If you are moving forward with DC agent deployment, ensure that those particular servers live off in an isolated secure collection. If you're creating Asset identities for them in the CMDB, limit availability to manage or change the status of those assets to your Domain Management team.
If your administrative team is resistant to the idea of installing the agent, offer the manual, script based inventory gathering as a possible alternative to keep your CMDB data current.
Hope that helps.