Actually, there are three possible workarounds (I know that none is acceptable - technically speaking ): 1. Give Domain Admin permission to service account that is creating the object into AD; 2. Do not install MS15-096 patch; 3. remote AD integration from your profile - The definitive solution should be implemented in SCS 11, that we are expecting to be released soon.
Best Regards!
-Bruno Domingues