Hi,

Would it somehow be possible to - partially - sync AD users (max 200) with IPA while still using a trust with the same domain?

Logically this sounds like a bad idea, but my colleagues would really, really like to use IPA also for AIX. The biggest limitation is that the AIX client doesn't work well with <user>@<AD Domain> in IPA compat.

What would possible work-arounds be to make use of IPA on AIX...?
A custom virtual LDAP which strips the @<AD domain> part, but keeps all other LDAP data the same?
Using some commercial offering?

Sincerely, Pieter