Ok, i tested it with a different project name and with the admin role assigned in the project the domain-admin user is unable to manage users of the default domain.
However the problem still is that the domain-admin user is also able to create a project called admin in its own domain and with that he is still able to gain cloud-admin privileges.
I also think there should be a warning in the docs, as it could cause serious problems when it stays unnoticed by operators.
Ok, i tested it with a different project name and with the admin role assigned in the project the domain-admin user is unable to manage users of the default domain.
However the problem still is that the domain-admin user is also able to create a project called admin in its own domain and with that he is still able to gain cloud-admin privileges.
I also think there should be a warning in the docs, as it could cause serious problems when it stays unnoticed by operators.