Hi Joerg,
Question: Are there other ways to get the (almost) same result w/o
having admin access to AD?
No.
You will need to either:
1. Have your AD admins enter their domain admin password for you when you're running
the ipa trust-add command
2. Have your AD admins give you a one time password to be used for this purpose.
I will note for option two, there was a bug in the past that prevented this from working
with one-way trusts. The commands would complete however authentication and enumeration
would never work.