All LDAP/AD users who login in to GO after the authentication is setup are given admin privileges unless you specifically grant admin permissions to user(s). As soon as you make any one user a Go administrator, all others will lose there admin permissions.
Reason being, Go provides two authentication mechanisms, LDAP and password file. However setting up this part does nothing for the authorisation, i.e. there is no restrictions at this point. It's only when user decides to enable authorisation by declaring explicit people and/or groups that belong to the admin role that authorisation is enabled.