AD Connect (dirsync) setting AD permissions

On the "install required components" page in the custom setting setup wizard we can give up a service account:

1) Is this account only used to start the sync service locally on the server?
2) Is this account not used in the sync tool itself to connect to AD and in the connector configuration to connect to AD?

On the "connect your directories" page in the custom setting setup wizard we need to enter credentials:

1) Is this account used in the sync tool itself to connect to AD and in the connector configuration to connect to AD?
2) The account we enter can only be a domain user, right?
3) This blog (https://azure.microsoft.com/nl-nl/documentation/articles/active-directory-aadconnect-account-summary/) speaks about setting additional permissions on the account if we use a specific scenario such as password sync and a hybrid environment. The blog post describes which permissions are needed but not how to set them. Is there a guide on how to set these permissions? Is there a script to set these permissions?

July 11th, 2015 5:55am

Hi,

1 and 2) You provide 2 sets of credentials, the first has to be an account with AD administrative permissions, the second should be enterprise admin:

The Configuration Wizard uses the Enterprise Administrator credentials to create the directory synchronization service account, MSOL_AD_Sync. The Configuration Wizard creates the service account as a domain account with directory replication permissions on your local Active Directory, with a randomly generated complex password that never expires.

Further reading on this:

Active Directory credentials

Getting Started with Windows Azure Active Directory Setting up the Windows Azure AD Tenant

3)

Here's an example of how to set such permissions: How to grant the "Replicating Directory Changes" permission for the Microsoft Metadirectory Services ADMA service account

July 11th, 2015 11:23am
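
An added example, not part of the thread or of the linked Microsoft guide: one way to script the "Replicating Directory Changes" grant on the domain root with `dsacls` and then list every principal that holds a replication right, so the change can be reviewed. The account name is a placeholder; the script assumes the ActiveDirectory RSAT module is installed and that the session is allowed to modify the ACL on the domain root.

```powershell
# Added example. Assumptions: placeholder account name, ActiveDirectory
# module available, session may edit the ACL on the domain naming context.
Import-Module ActiveDirectory

$Account  = 'CONTOSO\svc-aadsync'            # placeholder sync account
$DomainDN = (Get-ADDomain).DistinguishedName

# rightsGuid values of the replication control access rights.
$Rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

function Get-ReplicationAce {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.ActiveDirectoryRights -band $extended) -and
            # An empty ObjectType means "all extended rights" (also GenericAll).
            ($_.ObjectType -eq [guid]::Empty -or
             $Rights.ContainsKey($_.ObjectType.ToString()))
        } |
        Select-Object IdentityReference, IsInherited,
            @{ Name = 'Right'; Expression = {
                if ($_.ObjectType -eq [guid]::Empty) { 'All extended rights' }
                else { $Rights[$_.ObjectType.ToString()] } } }
}

# Grant the control access (CA) right on the domain root only.
& dsacls.exe $DomainDN /G "${Account}:CA;Replicating Directory Changes" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# Review: every principal that can replicate directory data from this domain.
$aces = Get-ReplicationAce -DistinguishedName $DomainDN
$aces | Sort-Object Right, IdentityReference | Format-Table -AutoSize

if (-not ($aces | Where-Object { $_.IdentityReference.Value -eq $Account })) {
    Write-Warning "No replication ACE found for $Account on $DomainDN"
}
```

Any principal in the output that is not a domain controller group, a built-in administrative group or the intended sync account deserves a closer look, because these rights allow reading replicated directory data.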
