Currently this will need to either be a System Admin account with impersonate rights or you can use the users account assuming that you have the username and password for the account. A domain admin ( or Primary Domain Admin ) would not be able to do either call, unless it was for their own accounts.
I know that this has been requested in the past, currently it is not possible for domain admins.
A workaround for this would be to enable the option for domain admins to see passwords. Then you can use the user and password to edit the account.
authenticate as a domain admin
grab password for user
authenticate as that user
make your changes
Rinse and repeat. There are a few extra steps in there but you should still be able to get it to work without providing your system admin to a client on a shared box.