Ok by default Composer must be in the same domain or at list have Trust Relationship with domains where Linked Clone will be deployed….
But with Composer you can also deploy on other domains, the caveat however is that you can’t browse the OU on Horizon Admin console so you need to Copy/Past or write the full path for the correct OU.
That said, if you look at the firewall port required by Composer, unless 18433 between Horizon Connection Server (brokers) and Composer plus 1433 to join the Ms SQL Server, nothing is really explained and a doubt can exist about which port is required (and also who create account in the domain). So here the answer 🙂 :
First I confirm, Composer server is responsible to reach the AD domains and create Computer accounts. So the required port are :
Source Destination Ports Service
Composer AD Controllers 88/TCP Kerberos
Composer AD Controllers 135/TCP RPC
Composer AD Controllers 389/TCP LDAP