Active Directory and Local Admin account

I am guessing you used the same name for the local admin account that you used in AD? If so, then you are likely authenticating to the domain but being dropped into the local admin's account. Try this.

Pull the ethernet cable and reboot.

Now try and log in as the local admin. What are the results?

If you have a name conflict, then the best advice is to change the name of the local admin account. You did not name it administrator, did you?

I understand it is local. But, if I create a local account named mmonaro and there is a domain account named mmonaro, then which one wins? There are cases in which what you describe could result from a name conflict. Consider this. The local Admin account has a UID of 501 and some GUID value generated at account creation. At that time, the home folder was created and permissions were set to the GUID value of the local admin account. Then the machine was bound to a domain that happen to have an account with the same name but different GUID. So, the issue could be that you are logging in to the machine using the short name and possibly the same password (bad idea) and instead of giving you the rights to the local admin account you are pulling the GUID value of the domain account. But, you are mapped to the same home folder since the name is the same.

This is a theory but based on what you've described and what I've seen in the past, this sounds like a plausible explanation for your woes.

I was having this issue up until about 15 minutes ago and had in fact created a local admin account named "Administrator". I was able to get into that local admin account by unplugging from the network and then re-created my local admin account with a username of "admin". Rebooted and still could not get into the local admin account. Unplugged again and was able to log into the local admin account after reboot. I also could not log into my personal domain account as a side issue. This was also related to using a local account of the same name which wasn't completely deleted after creating an image of my profile.

Once logged into the local admin account, I then plugged in the ethernet cable while on the User and Groups section of Sys. Prefs. > Login Options and an option appeared to allow network users to login at login window with a line through the selection button. I clicked on option and saw no users or groups where selected. I changed it to all network users and rebooted connected to the network. Once I did that, I was both able to login to my personal domain account as well as the local admin account. I have no idea if that is the solution or the client just need a couple more reboots for everything to settle but it seems to be functioning.

I just checked a 10.6.8 client and it has the same option to allow network users login privileges, although in a slightly different place, but by default all network users are selected. I am positive I did not change this manually on this client. I also use an edited APS script for binding clients to AD, adding a firmware password, the location for apple computer accounts in AD, and adding AD groups allowed to manage apple clients. This is the first Lion client I've used with the script so maybe there is something in there that needs to be explicitly set to allow network users login rights.