Hello,
The activation of MFA server is performed using a key provided in the Azure portal.

1.  Does MFA server requires users defined for second factor to be synced to Azure AD? Or it will perform second factor for any user that is defined with it?

2. Would that same MFA server work if I'll deploy it in the environment where there's non-Microsoft LDAP directory is used for the users? That LDAP directory is not synced to Azure.
3. Given AADConnect allows sync of multiple forests to single tenant, say I would like to sync 3 domains to 3 directories within the same tenant, I assume I should be able to use the same "activation key" for MFA server across multiple domains, there would be 3 MFA servers deployed in each domain, is that a correct assumption? 
Thank you.