Well the reason that only admins can add it to the domain is a security issue. They don't want "normal" users adding it to the domain. They also need to have different permissions on the domain itself so people can't arbitrarily add PCs to the domain.

It may be a Windows thing but it makes more sense than other Windows behavior.

The reason anybody can add it to a workgroup is because you don't need special permissions on a workgroup to add a PC to that workgroup.