AD Group Policy

I've just inherited a new AD/ Domain.
Currently there are 2 DCs (A and B)
DC A has no local security policy defined, no Domain 
controller security policy defined, and no Domain security 
policy defined (all default)
DC B has some items defined in Local security policy, but 
no domain controller policy or domain security policy 
defined (all default).
Question:
1. Since some users (non-administrators) exhibit the 
ability to add workstations to the domain while other 
users (also non-administrators) are denied that ability 
could one assume that is due to users being authenticated 
by domain controllers with differing local security 
policies as outlined above (DC A does not allow, while DC 
B does allow)?

2. If the local security policy defined on DC B 
(specifically the "add workstations to domain" policy set 
to administrators and authenticated users) existed before 
the server was promoted to a DC would that policy be 
inherited or assumed into the entire AD/ Domain policy as 
a whole allowing all authenticated users to add 
workstations?