0

I always used the domain administrator to join the Active Directory domain, but I've never set up more than a few machines. Is that considered a security risk? Is the end user somehow able to obtain the domain administrator's password?

Are there any security implications if a user's workstation is joined to the Active Directory domain by the domain administrator?

boolean.is.null
  • 255
  • 1
  • 7

1 Answer

2

Short answer: No, there's no security implication.

You can use a domain admin account or an account with enough delegation to create machine accounts. This account will be used to log in to the domain controller and create the machine account; the password won't stay on the machine in any way.

It's usually a good principle to create a specific account for this task with the minimum privilege level if you're automating the provisioning of your workstations and their domain join, as the password will be stored somewhere, so in case of leakage, there are fewer risks.
You can search for the "principle of least privilege" for more information.

Tensibai
  • 513
  • 2
  • 10
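One way to set up the dedicated, minimally privileged join account the answer above recommends, as an added example that is not part of the original answer. The domain `example.com`, the OU `Workstations` and the account name `svc-domainjoin` are placeholders; it assumes the RSAT ActiveDirectory module and `dsacls.exe` on the management host, Windows PowerShell 5.1 on the workstation, and first-time joins only (re-joining an existing computer object needs further rights).

```powershell
# Added example: every name below is a placeholder, not a value from the page.
$Domain   = 'example.com'
$NetBIOS  = 'EXAMPLE'
$JoinUser = 'svc-domainjoin'
$TargetOU = 'OU=Workstations,DC=example,DC=com'

# --- Part 1: run once, as a domain admin, on a management host ---
Import-Module ActiveDirectory

# Create a join account that belongs to nothing except Domain Users.
New-ADUser -Name $JoinUser -SamAccountName $JoinUser `
    -AccountPassword (Read-Host -AsSecureString "Password for $JoinUser") `
    -Enabled $true -Description 'Domain join only; no other rights'

# Grant "create child" (CC) for computer objects on that one OU only.
# /I:T applies the entry to the OU and its sub-containers.
# Braces are required so PowerShell does not read "$JoinUser:CC" as a scoped variable.
dsacls.exe $TargetOU /I:T /G "${NetBIOS}\${JoinUser}:CC;computer"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed for $TargetOU" }

# Review exactly what the account now holds on the OU before using it.
(Get-Acl -Path "AD:\$TargetOU").Access |
    Where-Object { $_.IdentityReference -like "*\$JoinUser" } |
    Format-List IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType

# --- Part 2: run on each workstation being provisioned ---
# Only this low-privilege credential is ever typed or stored on the provisioning side.
$cred = Get-Credential -UserName "$NetBIOS\$JoinUser" -Message 'Join account'
Add-Computer -DomainName $Domain -OUPath $TargetOU -Credential $cred -Restart
```

If this credential leaks from a provisioning script or answer file, what it allows is limited to creating computer objects in that one OU.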