I suddenly had an after thought so I thought I would post so it gets to your attention.
Its great that you have postfix setup to externally authenticate to the zentyal box.
I was just thinking actually I wouldn't do it that way Samba4 is really light and the directory replication works really well.
I would probably be more inclined to install just samba4 on the postfix server and set it as an ADC to the zentyal.
That way if the zentyal box goes down you have the choice of FSMO roles and postfixes continues to run.
Also if you rsync sysvol after FSMO the postfix box would act as a backup client authentication server.
You probably have excellent and correct choices for your system but I thought I would mention it.
The extra schema of Zentyal on the PDC will replicate automatically to all ADC's.
I use the sernet binaries
http://www.enterprisesamba.com/samba/ as the standalone AD is amazingly light.