Active Directory users are not admins when they're offline

I have a feeling this is a dumb question, but I can't seem to find the answer. I've successfully configured some 10.6 clients and my 10.7.1 client to join our Active Directory. I created a domain group that has admin access on every Mac, and it works well. My account shows up in System Preferences as "Admin, Managed, Mobile".

HOWEVER, if I log on while I'm off the network I lose my admin rights. I just show up as "Managed, Mobile". We have a security policy that disallows local accounts, so we're restricted to Active Directory only (mainly a Windows shop).

I have a feeling that what's missing is the mapping of AD user and group attributes to local values. If we were running AD 2008 or higher, it would be easy. However, we're running 2003 AD without Unix services, so we do not have the schema extensions that other posts refer to. I think that's what the problem is, but I don't know how to solve it without using Likewise, Centrify or some other 3rd-party tool. Any input would be appreciated.

Environment: Win 2003 AD, OS X 10.6 and 10.7, no Open Directory or UED, just AD is used for authentication.

MacBook Pro, Mac OS X (10.7), w/ Win7 & OSX server using Fusion

Posted on Aug 21, 2011 1:33 PM

Question marked as Best reply

Posted on Aug 26, 2011 1:20 PM

Thanks community for the help....😠


Fortunately, I figured this out with a nudge from a fellow Mac admin and some persistence on my part. You need to add the AD user account to the local 'admins' group. You can easily do this from the command line:


dseditgroup -o edit -a $USER -u local_admin_account -P local_admin_password admin


Hope this helps someone else...
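A scripted version of the dseditgroup step above, as an added example that is not code from the original post: it checks the local admin group's current membership before editing, prompts for the local administrator's password with -p instead of passing it on the command line with -P, and confirms the result with dseditgroup's checkmember operation. It assumes a Mac with the Directory Service tools (dseditgroup, dscl) in PATH; LOCAL_ADMIN is an assumed name for the local administrator account that authorises the change.

```shell
#!/bin/sh
# Added example, not code from the original thread.  Adds an AD mobile
# account to the local "admin" group so it keeps admin rights when the
# Mac is off the network, and verifies the membership afterwards.
# Assumes macOS with dseditgroup and dscl available.  LOCAL_ADMIN is an
# assumed short name for the local administrator that authorises the edit.

LOCAL_ADMIN="${LOCAL_ADMIN:-localadmin}"   # assumed local admin account

# is_member USER MEMBERS
#   MEMBERS is the whitespace-separated list that
#   `dscl . -read /Groups/admin GroupMembership` prints after the
#   "GroupMembership:" label.  Returns 0 if USER is listed, 1 otherwise.
#   Comparison is on whole names, so "jdoe" does not match "jdoe2".
is_member() {
  _needle="$1"
  _list="$2"
  for _m in $_list; do
    [ "$_m" = "$_needle" ] && return 0
  done
  return 1
}

# admin_members: current local admin group membership as one line of names.
admin_members() {
  dscl . -read /Groups/admin GroupMembership 2>/dev/null \
    | sed 's/^GroupMembership: *//'
}

# add_local_admin USER
#   Adds USER (the AD account's short name) to the local admin group.
#   -p prompts for LOCAL_ADMIN's password instead of -P <password>, so the
#   secret is not written to shell history or shown in `ps` output.
add_local_admin() {
  _user="$1"
  if is_member "$_user" "$(admin_members)"; then
    echo "$_user is already a member of the local admin group"
    return 0
  fi
  dseditgroup -o edit -a "$_user" -t user -u "$LOCAL_ADMIN" -p admin || return 1
  # Confirm with the tool's own membership check (prints yes/no).
  dseditgroup -o checkmember -m "$_user" admin
}

# Only act on a Mac and only when a user name is given, e.g.
#   ./add_local_admin.sh jdoe
if command -v dseditgroup >/dev/null 2>&1 && [ -n "${1:-}" ]; then
  add_local_admin "$1"
fi
```

The membership written this way lives in the Mac's local directory node, not in AD, which is why it is still honoured when the machine cannot reach a domain controller; it also means it is per-machine and must be repeated (or scripted) on each Mac. The one-liner in the reply above works, but its -P form leaves the local admin password in the shell history and briefly visible to other local users through ps, which is why the script prompts instead.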

