Novell have for some time had a whizz-bang NDS client that integrates very well with Windows. You log in to the Novell login and it logs you into Windows, too. Local accounts are created automagically and as needed. Windows administration rights can be assigned to NDS users. You can even log in locally, if you have to, without the NDS login, though that needs a real local account, and you can do the NDS half separately afterwards, without logging out of Windows first.

The only reason for the god-awful scheme you described is because someone Just Hasn't Made It Work.