A user in our company has special requirements regarding hardware and particularly software. He brings his own PC with many specialized software tools into the company, and moves his files back and forth individually between his PC and the company WiFi for editing. He is not allowed to connect his PC to the company LAN/Domain.
Is there any way we can integrate his PC into our domain in such a way that he remains local administrator on his PC, without compromising the security of our domain network?
I found something along these lines here, but it's already a bit older. Maybe someone has a newer view on how we could proceed to do this.
Another approach seems to be described here. Not sure whether we'd need that script approach since it is one such user only for us.
Joining his computer to your domain has no bearing on the local user accounts. If he has a local user account that is in the local Administrators group now, he'll still have it after joining the computer to your domain.
You can create a folder with fewer GPOs, or none at all, inherited to it, and put his AD user inside. This way the user can keep most admin rights on his device and also get the privileges to be joined to your domain.
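As an added example (not part of either answer above), the following PowerShell carries out both answers' points: it creates an OU with GPO inheritance blocked, moves the user and computer objects into it, shows which links still apply, and then confirms on the PC that the local account is still a member of the local Administrators group. It assumes the RSAT ActiveDirectory and GroupPolicy modules are installed and that it runs with domain-admin rights; the domain DN, OU name, user name and computer name are placeholders. One fact worth knowing when reading the output of step 3: GPOs whose link is marked Enforced still apply to an OU even when inheritance is blocked, so they show up in `InheritedGpoLinks`.

```powershell
# Added example, not code from the original thread. Placeholders below must be
# replaced with your own domain DN, OU name, user and computer names.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn = "DC=example,DC=local"   # placeholder
$ouName   = "BYOD-Exempt"           # placeholder
$ouDn     = "OU=$ouName,$domainDn"
$userName = "jdoe"                  # placeholder: the user's AD account
$computer = "USER-PC01"             # placeholder: the joined PC's name

# 1. Create the OU (once) and block inheritance of GPOs from the domain and parent OUs.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}
Set-GPInheritance -Target $ouDn -IsBlocked Yes

# 2. Move the user's account and, after the PC has been domain-joined, its computer
#    object into that OU so that both user and computer policy processing use it.
$user = Get-ADUser -Identity $userName
Move-ADObject -Identity $user.DistinguishedName -TargetPath $ouDn
$comp = Get-ADComputer -Identity $computer
Move-ADObject -Identity $comp.DistinguishedName -TargetPath $ouDn

# 3. Verify: inheritance is blocked, but any Enforced links are still listed here.
Get-GPInheritance -Target $ouDn |
    Select-Object GpoInheritanceBlocked, GpoLinks, InheritedGpoLinks

# 4. Verify on the PC itself that the local account kept its local admin membership.
#    PrincipalSource shows whether each member is a Local or ActiveDirectory principal.
Invoke-Command -ComputerName $computer -ScriptBlock {
    Get-LocalGroupMember -Group "Administrators" | Select-Object Name, PrincipalSource
}
```

After a `gpupdate /force` on the PC, `gpresult /r` run there lists which GPOs were actually applied and which were filtered out, which is the quickest way to confirm that the blocked inheritance had the intended effect for that one machine.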