The Adaxes service account (specified during Adaxes installation) only requires the permissions to publish Adaxes service. No other permissions are required for the account. For details on how to grant the permissions, see section How do I grant permissions to publish Adaxes service of our installation guide: https://www.adaxes.com/help/InstallationGuide/#grant-permissions-to-publish-adaxes-service.
At the same time, all operations in a domain managed by Adaxes are performed using the account specified for the domain. It is recommended to use an account that is a member of the BUILTIN\Administrators group. However, it is not a requirement. It can be any account that has native AD permissions to perform the operations you need in Adaxes. The permissions need to be granted to the account manually in AD. Adaxes itself does not do anything about it. For information on how to check/change the account for a domain, see https://www.adaxes.com/help/ChangeManagedDomainServiceAccount.
For your information, during installation, the domain of the Adaxes service account is registered automatically using the account credentials. It is recommended to then change it to different account.