True, there are some limitations with using the admin GUI to create guest users. And you are correct about AD vs. internal: only one can be chosen, and there is no support for using a source sequence for admin access. If you use internal users, you can at least assign roles to them, so not all users have access to changing/creating users.
It is possible to use internal users as well as AD users for admin.
I'm not actually sure whether it's possible to stop using Internal Users.
I have it working using both, primarily as I don't have AD credentials on customer site, so they use AD credentials and I stick to using Internal Admin User.
I still haven't understood your original question entirely, but if you select the guest username to be created based on email address (rather than first name/last name), then you can create a single username using a fictional email address, and allow the user to change the password on first login. You can then change the password to whatever you want.