We have an environment where we have three domains under a forest and are developing a Windows Autopilot hybrid AAD solution. We are planning to place a second Intune AD connector environment. The article below only states to use a service account to configure this; however, we require these questions to be answered before requesting additional access for the service account, and on Intune AD connector scalability:
1) Does the service account require full admin rights on the on-premises server hosting Intune AD connector?
2) If we have already configured both Intune AD connectors and they are currently working fine, do we need to add the service account in the ‘log on’ as account settings for the Intune ODJ service or reconfigure the entire setup using this account?
3) This service account requires delegated rights as allowed for the Intune AD connector on all target OUs, irrespective of which domain it belongs to?
4) Are there any other requirements for the service account access (account to be synced in Azure or license, etc.)?
5) How many domains can a single Intune AD connector handle, and up to how many clients at a time?
6) Would it be sufficient to have a single connector for all three domains?
Appreciate any guidance on this.
Thanks in advance!!