With a managed mobile account, I am able to successfully log on via any AD account, however, both my domain and my standard account do not automatically provide admin privileges.

I have authentication from any domain in the forest checked.
I have also added variations under "allow administration by" but to no avail

I see that some examples here say to add Domain Admins and Enterprise Users or whatnot, however, our tree is setup with our variations.

for sake of anonymity, our domain forest will be called X, and everything else will be added verbatim.

X = forest
corp.X = AD domain

under corp.X, the two that I am concerned about is "Domain Admin Accounts" and "XUsers"
examples:
corp.X/Users
corp.X
corp.X/Groups
corp.X/XUsers

(just to cover my bases)

having added variations to the "allow administration by", when I log onto AD accounts, I still get only Managed, Mobile.
While having to authenticate then clicking a check box is not that big of a nuisance, I would like to find an automated approach to slow down the onset of carpal tunnel lol.

Any help is greatly appreciated.
Note, preferably I would like to do this without a script as I dont know how to script.

update: so if I give someone admin rights, manually, then delete their account, somehow it remembers that it has admin rights. tested this by deleting all my accounts and adding them again, to find that I have admin. Curiously, I had my boss log in with his credentials (he had never logged into this computer before) and he only gets Managed, Mobile.