As I understand , once we join a computer to domain , the domain administrator group will be added into local administrator group .
So, by then the local administrator can act as domain administrator to manage all the domain setting including domain GPO ?? Am I right ??? Please confirm .
If I am right, then the branch office administrator ( local administrator ) can "control" head office domain administrator jobs ???