1. I don't believe they have to be on the same domain.
and #2 I received an answer from one of our tech support folks - B) "For all Active Directory scenarios, we recommend updating the Tableau Server Run As User with a domain user account." per http://onlinehelp.tableau.com/current/server/en-us/runas.htm. They may wish to consult Create and Update the Run As User Account (http://onlinehelp.tableau.com/current/server/en-us/runas_acct.htm) for best practices
I hope that helps.
Not sure if Tableau restricts it, but I would recommend for the account and machine to be on the same domain. I have run into this issue before. For example, the DEV account couldn't be added to the Tableau Server because it was on another domain (i.e., PAT).
Would recommend to use the Service Account for Tableau installation. The Service Account should have the admin permissions to the machine.