I am using Cisco Directory Connector to synchronize accounts form my on-premises Active Directory to Webex teams. I am confused around the setup of the connector in terms of the accounts required for pulling entities form Active Directory and for the setup. We are using the guide here.

We run the windows service under a standard AD user so it can read the accounts form our on-prem directory. We also need to use a Web Proxy to connect outwards to the Cisco cloud so we define the proxy under this account also. The guide is quite confusing. It states:

- For sign in to the connector, we do not require an administrative account in Active Directory. We require a local user account that is the same user as an full admin account in Cisco Webex Control Hub.

Q1: So when it refers to 'local user' I assume this simply means we need an account in ADDS say, svc_ciscodc and in the Webex Control Hub we also create an account with this name that has full admin role in Control Hub?

- While signing in to the connector, the sign-in account must be the same as the full admin account for Control Hub. By default, the connector uses the local system account to access Active Directory. However, you can use Windows services to configure another account to access Active Directory. (This information also applies to a Virtual Machine login.)

Q2: I have no idea what this means?!  

Q3: So in general operation where the connector is synchronizing the on-prem directory to cloud what is it using to authenticate? Is it an o-auth flow form the account used to sign in or the window service account or what?