The default behavior of a Windows Server NT4 through 2008 based domain is to allow a Domain Admin account to manage Windows clients. A number of environments have been moving over to using the PDC emulator on Mac OS X as a means of replacing aging Windows servers. One of the biggest annoyances is that the Open Directory administrative accounts they use to bind the Windows computers to are not local administrators. When you bind Mac OS X to Active Directory you can specify which Active Directory groups are administrators of Mac OS X client systems so you would imagine you can do the same thing on an OS X…