[Samba] security implications of joining machine to domain

[Marcus Blomenkamp]

Hi folks.

Can anybody give some facts about $SUBJECT? I have Samba3 running as PDC. I 
joined my machines (windows and unix) to the domain using the configured 
administrative account. Is the machine accounts created in this step given 
kind of privilege 'boost' over common user accounts? 

Supposed the client machine did not cache the entered administrative 
credentials, is the machine itself theoretically capable of modifying all 
accounts data (such as password hashes) then? Or is an infected machine only 
dangerous for logged into itself?

Appreciating any input, Marcus