"How domains work" has filled books guaranteed to put you to sleep. It sounds like you just need a bit of info as it pertains to domain accounts vs. local accounts.
Like you mentioned and like the name implies, a local account is good for doing stuff on the local computer (plus a few things the the domain admins might allow - like surfing the web).
And a domain account is good for doing stuff that requires you to identify yourself to the resource (printer, share drive,...).
Most likely, the IT staff start people out as standard users and then wait for them to ask to be admins. (Or they assume that users will just add their domain account into the admin group). You should ask your IT staff if you can add your domain account to the admin group on your computer. If they say no, then ask them how to handle the situations where you have been logging off and back on just to get stuff done.
If you don't know how to add your domain account to the admin group on your computer - let them show you how.
The domain admins are admins of your computer now and as such can get to most anything. Will they? Probably not. They have work to do.
If you want to keep them out of certain areas: TrueCrypt - Free Open-Source Disk Encryption - Documentation - Tutorial
...or a product like that.