Hello,
I'm HieuHoang, a System Admin.
I have 3 years of experience working with IT-Helpdesk position and Active directory.
With your requirement, I suggest other solution: create rule GPO on domain controller to manage member of group administrator on PC.
Please consider and contact me, we will discuss all the requirements/problem needed to resolve.
We can remote access via TeamViewer or AnyDesk.
Thank you.