If the patch can be successfully installed on non-DC systems, then the relevance looks to be correct.
Consider scenarios where you may want to promote a system to a domain controller with kerberos. You’d want to be able to have that patch installed and the issue fixed beforehand.
