Can DCSync be executed from a machine outside the domain? If so, how?

Yes, the approach is the same as from a domain host but performed externally. The attacker must have network access to a domain controller and valid domain credentials (e.g., using secretsdump.py with a password or hash). Tools like Mimikatz can also be used remotely if a high-privilege ticket is imported. The core requirement remains the same: possession of sufficient privileges on the target domain. For complete methods, see the Domain Penetration - Method to Export All Domain User Hashes Using DCSync article.