On the "install required components" page in the custom setting setup wizard we can give up a service account:
1) is this account only used to start the sync service locally on the server?
2) is this account not used in the sync tool itself to connect to AD and in the connector configuration to connect to AD?
On the "connect your directories" page in the custom setting setup wizard we need to enter credentials:
1) this account is used in the sync tool itself to connect to AD and in the connector configuration to connect to AD?
2) this account we enter can only be a domain user right
3) this blog (https://azure.microsoft.com/nl-nl/documentation/articles/active-directory-aadconnect-account-summary/)
spreaks about setting additional permissions on the account if we use specific scenario such as password sync and hybrid environment. The blog post describes which permissions are needed but not how to set these. Is there a guide how to set these permissions,
is there a script how to set this permissions?