I generally create the object in AD first and give my AD user full control over the object. Full control is probably not needed, but why not when doing it this way. Auth only happens on first join.
Make sure before joining that your NetBIOS name is an exact match to your AD object.
An alternative procedure if you have a fleet of TrueNAS servers joined to AD is to create an Organizational Unit (OU) in AD and adjust permissions on the OU in AD to allow management by a non-domain-admin.
You can specify the OU in which TrueNAS will create its computer account on domain join in the TrueNAS UI.
As mentioned, the provided account is only used to join TrueNAS to AD. The join process creates a computer account in AD and stores its credential information on TrueNAS. At that point we destroy the user-related Kerberos ticket used for the join and begin to use the new computer account for all AD-related operations.
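As an added example (not code from the thread or from TrueNAS), the OU delegation described above done with the RSAT ActiveDirectory module: it grants a group only what a domain join needs on one OU, instead of Full Control, and pre-creates the computer object with a name that must match the TrueNAS NetBIOS name. The OU DN, group name and computer name are placeholders; the schema and extended-right GUIDs are resolved from the directory rather than hard-coded.

```powershell
# Added example: delegate computer-account management on one OU so a
# non-domain-admin account can perform TrueNAS joins. Run on a domain-joined
# Windows host with RSAT, as a user allowed to edit the OU's security descriptor.
Import-Module ActiveDirectory

$OuDn        = 'OU=TrueNAS,DC=example,DC=com'   # placeholder OU
$GroupName   = 'TrueNAS-Joiners'                # placeholder delegation group
$NetbiosName = 'TRUENAS01'                      # placeholder TrueNAS NetBIOS name

$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext
$configNC = $rootDse.configurationNamingContext

# Resolve object-class and extended-right GUIDs from the forest itself.
function Get-SchemaClassGuid([string]$LdapDisplayName) {
    $o = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    return [guid]$o.schemaIDGUID
}
function Get-ExtendedRightGuid([string]$DisplayName) {
    $o = Get-ADObject -SearchBase "CN=Extended-Rights,$configNC" -LDAPFilter "(displayName=$DisplayName)" -Properties rightsGuid
    return [guid]$o.rightsGuid
}

$computerClass = Get-SchemaClassGuid 'computer'
$sid   = (Get-ADGroup -Identity $GroupName).SID
$allow = [System.Security.AccessControl.AccessControlType]::Allow
$acl   = Get-Acl -Path "AD:\$OuDn"

# Append one object-specific ACE for the group to the OU's DACL.
function Add-Ace($Rights, [guid]$ObjectType, $Inheritance, [guid]$InheritedType) {
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, [System.DirectoryServices.ActiveDirectoryRights]$Rights, $allow,
        $ObjectType, [System.DirectoryServices.ActiveDirectorySecurityInheritance]$Inheritance, $InheritedType)
    $acl.AddAccessRule($rule)
}

# 1. Create and delete computer objects in this OU and its sub-OUs.
Add-Ace 'CreateChild, DeleteChild' $computerClass 'All' ([guid]::Empty)
# 2. On computer objects below the OU, only the rights a join exercises:
#    reset the machine password, write account restrictions, validated
#    writes to dNSHostName and servicePrincipalName.
$onComputers = 'Descendents'   # spelling as in the .NET enum
Add-Ace 'ExtendedRight' (Get-ExtendedRightGuid 'Reset Password') $onComputers $computerClass
Add-Ace 'WriteProperty' (Get-ExtendedRightGuid 'Account Restrictions') $onComputers $computerClass
Add-Ace 'Self' (Get-ExtendedRightGuid 'Validated write to DNS host name') $onComputers $computerClass
Add-Ace 'Self' (Get-ExtendedRightGuid 'Validated write to service principal name') $onComputers $computerClass
Set-Acl -Path "AD:\$OuDn" -AclObject $acl

# 3. Pre-create the account; the name must equal the TrueNAS NetBIOS name,
#    which is at most 15 characters (sAMAccountName gets a trailing '$').
if ($NetbiosName.Length -gt 15) { throw "NetBIOS name longer than 15 characters" }
New-ADComputer -Name $NetbiosName -Path $OuDn
```

Members of the delegation group can then be used as the join account in the TrueNAS UI, with that OU specified as the computer-account location.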