We're looking at using Adaxes in an MSP environment with around 30 clients, each with their own domain. Some of these clients are hybrid on-prem/Azure, while others are Azure AD only. Some of the clients have on-prem domains with the .local TLD. Some have on-prem domains with .com and have a website hosted on the same domain on a different IP than their DC server. Et cetera.
I'm looking to get as much info as is practical about how Adaxes talks to managed domains that aren't on the same network as the server that the Adaxes service is installed on, so that I can apply it to as many different situations as possible.
First - I have a vague understanding from this question that I need to set up conditional forwarders on the MSP DNS server pointing to each of the client DNS servers, but I'd like to get some more info about that - where specifically does it need to point? What about .local on-prem domains?
Second - I figure that all the ports listed here need to be open to the internet on the client DC servers - are there security implications here?