The software everybody is talking about here is to unlock a computer using the local administrator account by hacking into the registry using a bootable CD under a Linux-like environment. It has nothing to do with AD, domain administrator, or even a domain user on the local machine. All this info is stored in SAM in DC. A DC machine only accepts for logging on users, which are domain administrators, or delegated users with such rights (logon to the DC).

However, if the domain administrator has previously logged on to that machine, his credentials are cached under his profile on \Application Data\Microsoft\Credentials folder. That info can be further hacked using other software (I?m not going to tell you which one!) to find out the domain administrator password. But, if the admin has meantime changed his password, which is a good practice to do, the info in Credentials folder is obsolete by now.