I show in my latest TechNote how to utilize the PAN inbuilt domain RBAC to minimize the account privileges required to this account.
Can't understand why it would need domain admins rights, ubless you are have created some differing auth-profile/auth-sequence.... can U check your auth sequence stil lcheck the Local DB for your user?