Well, in Active Directory, under the domain, in Builtin there is already a group called Administrators, and in Users there are groups called Domain Admins and Enterprise Admins ...

I believe that any user who is a member of those groups will have local admin rights on any workstation they log on from. Actually I know that is true for the Builtin group Administrators, and I believe it's true for the other two groups.

What exactly are you meaning to accomplish with "a restricted group for Domain Admins"?

- Qualm