Snekul - I agree. Our company has 80,000 users and only 20 domain admins. And none of them have desktop AV responsibilities. Domain admin is also audited (PCI etc) and reported to the head of Identity management.
It's not hard to build out a local admin structure. In my company, we add various domain-based groups to the local admin group. e.g. in the domain/AD we have LCLAdmin_FEInstall, LCLAdmin_Helpdesk, etc. We then add non-privledged domain user accounts to the appropriate domain-based group. We have background processes that manage the groups (e.g. when your cost center <> helpdesk cost center you are automatically removed from the LCLAdmin_Helpdesk group.
The workstation build process adds the appropriate domain LCLADMIN_* groups to the local Administrators groups. (e.g. LCLAdmin_FEInstall is never a local admin on a server build).
Piece of cake to manage.